blob: ab6c07613eb256c28f8350737f96ff8accdcc0d5 [file] [log] [blame]
2013-01-18 Balazs Kilvady <kilvadyb@homejinni.com>
r134080 causes heap problem on linux systems where PAGESIZE != 4096
https://bugs.webkit.org/show_bug.cgi?id=102828
Reviewed by Mark Hahnenberg.
Make MarkStackSegment::blockSize as the capacity of segments of a MarkStackArray.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
* heap/MarkStack.cpp:
(JSC):
(JSC::MarkStackArray::MarkStackArray):
(JSC::MarkStackArray::expand):
(JSC::MarkStackArray::donateSomeCellsTo):
(JSC::MarkStackArray::stealSomeCellsFrom):
* heap/MarkStack.h:
(JSC::MarkStackSegment::data):
(CapacityFromSize):
(MarkStackArray):
* heap/MarkStackInlines.h:
(JSC::MarkStackArray::setTopForFullSegment):
(JSC::MarkStackArray::append):
(JSC::MarkStackArray::isEmpty):
(JSC::MarkStackArray::size):
* runtime/Options.h:
(JSC):
2013-01-11 Geoffrey Garen <ggaren@apple.com>
Removed getDirectLocation and offsetForLocation and all their uses
https://bugs.webkit.org/show_bug.cgi?id=106692
Reviewed by Filip Pizlo.
getDirectLocation() and its associated offsetForLocation() relied on
detailed knowledge of the rules of PropertyOffset, JSObject, and
Structure, which is a hard thing to reverse-engineer reliably. Luckily,
it wasn't needed, and all clients either wanted a true value or a
PropertyOffset. So, I refactored accordingly.
* dfg/DFGOperations.cpp: Renamed putDirectOffset to putDirect, to clarify
that we are not putting an offset.
* runtime/JSActivation.cpp:
(JSC::JSActivation::getOwnPropertySlot): Get a value instead of a value
pointer, since we never wanted a pointer to begin with.
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertySlot): Use a PropertyOffset instead of a pointer,
so we don't have to reverse-engineer the offset from the pointer.
* runtime/JSObject.cpp:
(JSC::JSObject::put):
(JSC::JSObject::resetInheritorID):
(JSC::JSObject::inheritorID):
(JSC::JSObject::removeDirect):
(JSC::JSObject::fillGetterPropertySlot):
(JSC::JSObject::getOwnPropertyDescriptor): Renamed getDirectOffset and
putDirectOffset, as explaind above. We want to use the name "getDirectOffset"
for when the thing you're getting is the offset.
* runtime/JSObject.h:
(JSC::JSObject::getDirect):
(JSC::JSObject::getDirectOffset): Changed getDirectLocation to getDirectOffset,
since clients really wants PropertyOffsets and not locations.
(JSObject::offsetForLocation): Removed this function because it was hard
to get right.
(JSC::JSObject::putDirect):
(JSC::JSObject::putDirectUndefined):
(JSC::JSObject::inlineGetOwnPropertySlot):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
* runtime/JSScope.cpp:
(JSC::executeResolveOperations):
(JSC::JSScope::resolvePut):
* runtime/JSValue.cpp:
(JSC::JSValue::putToPrimitive): Updated for renames.
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot): Use a PropertyOffset instead of a pointer,
so we don't have to reverse-engineer the offset from the pointer.
* runtime/Structure.cpp:
(JSC::Structure::flattenDictionaryStructure): Updated for renames.
2013-01-11 Geoffrey Garen <ggaren@apple.com>
Fixed some bogus PropertyOffset ASSERTs
https://bugs.webkit.org/show_bug.cgi?id=106686
Reviewed by Gavin Barraclough.
The ASSERTs were passing a JSType instead of an inlineCapacity, due to
an incomplete refactoring.
The compiler didn't catch this because both types are int underneath.
* runtime/JSObject.h:
(JSC::JSObject::getDirect):
(JSC::JSObject::getDirectLocation):
(JSC::JSObject::offsetForLocation):
* runtime/Structure.cpp:
(JSC::Structure::addPropertyTransitionToExistingStructure): Validate against
our inline capacity, as we intended.
2012-12-16 Filip Pizlo <fpizlo@apple.com>
Rationalize array profiling for out-of-bounds and hole cases
https://bugs.webkit.org/show_bug.cgi?id=105139
Reviewed by Geoffrey Garen.
This makes ArrayProfile track whether or not we had out-of-bounds, which allows
for more precise decision-making in the DFG.
Also cleaned up ExitKinds for out-of-bounds and hole cases to make it easier to
look at them in the profiler.
Slight speed-up (5-8%) on SunSpider/crypto-md5.
* bytecode/ArrayProfile.cpp:
(JSC::ArrayProfile::computeUpdatedPrediction):
(JSC::ArrayProfile::briefDescription):
* bytecode/ArrayProfile.h:
(JSC::ArrayProfile::ArrayProfile):
(JSC::ArrayProfile::addressOfOutOfBounds):
(JSC::ArrayProfile::expectedStructure):
(JSC::ArrayProfile::structureIsPolymorphic):
(JSC::ArrayProfile::outOfBounds):
(JSC::ArrayProfile::polymorphicStructure):
* bytecode/CodeBlock.cpp:
(JSC::dumpChain):
* bytecode/ExitKind.cpp:
(JSC::exitKindToString):
(JSC::exitKindIsCountable):
* bytecode/ExitKind.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.h:
* jit/JITInlines.h:
(JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emitSlow_op_put_by_val):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emitSlow_op_put_by_val):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
2012-12-17 Balazs Kilvady <kilvadyb@homejinni.com>
Implement add64 for MIPS assembler after r136601
https://bugs.webkit.org/show_bug.cgi?id=104106
Reviewed by Zoltan Herczeg.
Added add64 function to MacroAssebler of MIPS.
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::add32):
(JSC::MacroAssemblerMIPS::add64):
(MacroAssemblerMIPS):
2012-12-17 Jonathan Liu <net147@gmail.com>
Fix Math.pow implementation with MinGW-w64
https://bugs.webkit.org/show_bug.cgi?id=105087
Reviewed by Simon Hausmann.
The MinGW-w64 runtime has different behaviour for pow()
compared to other C runtimes. This results in the following
test262 tests failing with the latest MinGW-w64 runtime:
- S15.8.2.13_A14
- S15.8.2.13_A16
- S15.8.2.13_A20
- S15.8.2.13_A22
Handle the special cases that are different with MinGW-w64.
* runtime/MathObject.cpp:
(JSC::mathPow):
2012-12-16 Filip Pizlo <fpizlo@apple.com>
Bytecode dumping should show rare case profiles
https://bugs.webkit.org/show_bug.cgi?id=105133
Reviewed by Geoffrey Garen.
Refactored the dumper to call dumpBytecodeCommandAndNewLine in just one place,
rather than in all of the places. Changed the rare case profile getters to use
tryBinarySearch rather than binarySearch, so that they can be used speculatively
even if you don't know that the bytecode has rare case profiles. This actually
increases our assertion level, since it means that in release builds we will get
null and crash rather than getting some random adjacent profile. And then this
adds some printing of the rare case profiles.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printUnaryOp):
(JSC::CodeBlock::printBinaryOp):
(JSC::CodeBlock::printConditionalJump):
(JSC::CodeBlock::printCallOp):
(JSC::CodeBlock::printPutByIdOp):
(JSC::CodeBlock::beginDumpProfiling):
(JSC):
(JSC::CodeBlock::dumpValueProfiling):
(JSC::CodeBlock::dumpArrayProfiling):
(JSC::CodeBlock::dumpRareCaseProfile):
(JSC::CodeBlock::dumpBytecode):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
(JSC::CodeBlock::specialFastCaseProfileForBytecodeOffset):
2012-12-13 Filip Pizlo <fpizlo@apple.com>
Attempt to rationalize and simplify WTF::binarySearch
https://bugs.webkit.org/show_bug.cgi?id=104890
Reviewed by Maciej Stachowiak.
Switch to using the new binarySearch() API. No change in behavior.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::bytecodeOffset):
(JSC::CodeBlock::codeOriginForReturn):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::getStubInfo):
(JSC::CodeBlock::getByValInfo):
(JSC::CodeBlock::getCallLinkInfo):
(JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
(JSC::CodeBlock::valueProfileForBytecodeOffset):
(JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
(JSC::CodeBlock::specialFastCaseProfileForBytecodeOffset):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::blockIndexForBytecodeOffset):
* dfg/DFGMinifiedGraph.h:
(JSC::DFG::MinifiedGraph::at):
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* profiler/ProfilerBytecodeSequence.cpp:
(JSC::Profiler::BytecodeSequence::indexForBytecodeIndex):
2012-12-13 Filip Pizlo <fpizlo@apple.com>
Don't assert that flags <= 0x3ff in JSTypeInfo
https://bugs.webkit.org/show_bug.cgi?id=104988
Reviewed by Sam Weinig.
This assertion doesn't accomplish anything other than crashes.
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::TypeInfo):
2012-12-13 Filip Pizlo <fpizlo@apple.com>
Named lookups on HTML documents produce inconsistent results in JavaScriptCore bindings
https://bugs.webkit.org/show_bug.cgi?id=104623
Reviewed by Geoffrey Garen.
Add the notion of objects that HasImpureGetOwnPropertySlot, and use that to inhibit prototype chain caching
in some cases. This appears to be perf-neutral on benchmarks that we track.
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::tryBuildGetByIDProtoList):
* jit/JITStubs.cpp:
(JSC::JITThunks::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSTypeInfo.h:
(JSC):
(JSC::TypeInfo::hasImpureGetOwnPropertySlot):
* runtime/Operations.h:
(JSC::normalizePrototypeChainForChainAccess):
2012-12-13 Filip Pizlo <fpizlo@apple.com>
Unreviewed, roll out http://trac.webkit.org/changeset/137683.
It broke gmail.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::putStructureStoreElimination):
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/Operations.cpp:
(JSC::jsTypeStringForValue):
(JSC):
* runtime/Operations.h:
(JSC):
2012-13-11 Oliver Hunt <oliver@apple.com>
Support op_typeof in the DFG
https://bugs.webkit.org/show_bug.cgi?id=98898
Reviewed by Filip Pizlo.
Adds a TypeOf node to the DFG to support op_typeof.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
We try to determine the result early here, and substitute in a constant.
Otherwise we leave the node intact, and set the result type to SpecString.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
Parse op_typeof
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::performNodeCSE):
TypeOf nodes can be subjected to pure CSE
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
We can handle typeof.
* dfg/DFGNodeType.h:
(DFG):
Define the node.
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
Add operationTypeOf to support the non-trivial cases.
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
Actual codegen
* runtime/Operations.cpp:
(JSC::jsTypeStringForValue):
(JSC):
* runtime/Operations.h:
(JSC):
Some refactoring to allow us to get the type string for an
object without needing a callframe.
2012-12-12 Filip Pizlo <fpizlo@apple.com>
OSR exit compiler should emit code for resetting the execution counter that matches the logic of ExecutionCounter.cpp
https://bugs.webkit.org/show_bug.cgi?id=104791
Reviewed by Oliver Hunt.
The OSR exit compiler wants to make it so that every OSR exit does the equivalent
of:
codeBlock->m_jitExecuteCounter.setNewThreshold(
codeBlock->counterValueForOptimizeAfterLongWarmUp());
This logically involves:
- Resetting the counter to zero.
- Setting m_activeThreshold to counterValueForOptimizeAfterLongWarmUp().
- Figuring out the scaled threshold, subtracting the count so far (which is zero,
so this part is a no-op), and clipping (ExecuteCounter::clippedThreshold()).
- Setting m_counter to the negated clipped threshold.
- Setting m_totalCount to the previous count so far (which is zero) plus the
clipped threshold.
Because of the reset, which sets the count-so-far to zero, this amounts to:
- Setting m_activeThreshold to counterValueForOptimizeAfterLongWarmUp().
- Figuring out the clipped scaled threshold.
- Setting m_counter to the negated clipped scaled threshold.
- Setting m_totalCount to the (positive) clipped scaled threshold.
The code was previously not doing this, but now is. This is performance neutral.
The only change in behavior over what the code was previously doing (setting the
m_counter to the negated scaled threshold, without clipping, and then setting
the m_totalCount to the clipped scaled threshold) is that this will respond more
gracefully under memory pressure and will ensure that we get more value profile
LUBing before triggering recompilation. More LUBing is almost always a good
thing.
* dfg/DFGOSRExitCompiler.cpp:
(JSC::DFG::OSRExitCompiler::handleExitCounts):
2012-12-12 Ilya Tikhonovsky <loislo@chromium.org>
Web Inspector: Native Memory Instrumentation: remove fake root MemoryObjectInfo.
https://bugs.webkit.org/show_bug.cgi?id=104796
Reviewed by Yury Semikhatsky.
It was not a good idea to introduce a fake root MemoryObjectInfo.
It makes a problem when we visit an object without its own MemoryObjectType.
Example: RenderBox has a global pointer to a hash map.
HashMap doesn't have its own object type because it is a generic container.
It will inherit object type from the fake root memory object info.
The same could happen for another container in another class with other MemoryObjectType.
This fact forces me to create custom process method for root objects
because they need to have their own MemoryObjectInfo with customisable memory object type.
Drive by fix: InstrumentedPointer* was replaced with Wrapper* because actually it is using
for instrumented and not instrumented object classes.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2012-12-11 Gabor Ballabas <gaborb@inf.u-szeged.hu>
Implement add64 for ARM traditional assembler after r136601
https://bugs.webkit.org/show_bug.cgi?id=104103
Reviewed by Zoltan Herczeg.
Implement add64 function for ARM traditional macroassembler.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::add64):
(MacroAssemblerARM):
2012-12-11 Filip Pizlo <fpizlo@apple.com>
Unreviewed. Fix build with DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE).
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::tallyFrequentExitSites):
2012-12-11 Filip Pizlo <fpizlo@apple.com>
Profiler should show bytecode dumps as they would have been visible to the JITs, including the profiling data that the JITs would see
https://bugs.webkit.org/show_bug.cgi?id=104647
Reviewed by Oliver Hunt.
Adds more profiling data to bytecode dumps, and adds the ability to do a secondary
bytecode dump for each JIT compilation of a code block. This is relevant because both
the bytecodes, and the profiling data, may change after some number of executions.
Also fixes some random dumping code to use PrintStream& rather than
static const char[thingy].
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/ArrayProfile.cpp:
(JSC::dumpArrayModes):
(JSC::ArrayProfile::briefDescription):
* bytecode/ArrayProfile.h:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::printCallOp):
(JSC::CodeBlock::dumpValueProfiling):
(JSC::CodeBlock::dumpArrayProfiling):
(JSC::CodeBlock::dumpBytecode):
* bytecode/CodeBlock.h:
* bytecode/ValueProfile.h:
(JSC::ValueProfileBase::briefDescription):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::dump):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseCodeBlock):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* profiler/ProfilerBytecodeSequence.cpp: Added.
(JSC::Profiler::BytecodeSequence::BytecodeSequence):
(JSC::Profiler::BytecodeSequence::~BytecodeSequence):
(JSC::Profiler::BytecodeSequence::indexForBytecodeIndex):
(JSC::Profiler::BytecodeSequence::forBytecodeIndex):
(JSC::Profiler::BytecodeSequence::addSequenceProperties):
* profiler/ProfilerBytecodeSequence.h: Added.
(JSC::Profiler::BytecodeSequence::size):
(JSC::Profiler::BytecodeSequence::at):
* profiler/ProfilerBytecodes.cpp:
(JSC::Profiler::Bytecodes::Bytecodes):
(JSC::Profiler::Bytecodes::toJS):
* profiler/ProfilerBytecodes.h:
(JSC::Profiler::Bytecodes::instructionCount):
* profiler/ProfilerCompilation.cpp:
(JSC::Profiler::Compilation::addProfiledBytecodes):
(JSC::Profiler::Compilation::toJS):
* profiler/ProfilerCompilation.h:
(JSC::Profiler::Compilation::profiledBytecodesSize):
(JSC::Profiler::Compilation::profiledBytecodesAt):
* profiler/ProfilerDatabase.cpp:
(JSC::Profiler::Database::ensureBytecodesFor):
* profiler/ProfilerDatabase.h:
* profiler/ProfilerProfiledBytecodes.cpp: Added.
(JSC::Profiler::ProfiledBytecodes::ProfiledBytecodes):
(JSC::Profiler::ProfiledBytecodes::~ProfiledBytecodes):
(JSC::Profiler::ProfiledBytecodes::toJS):
* profiler/ProfilerProfiledBytecodes.h: Added.
(JSC::Profiler::ProfiledBytecodes::bytecodes):
* runtime/CommonIdentifiers.h:
2012-12-11 Oswald Buddenhagen <oswald.buddenhagen@digia.com>
[Qt] delete dead include paths
Reviewed by Simon Hausmann.
followup to https://bugs.webkit.org/show_bug.cgi?id=93446
* JavaScriptCore.pri:
2012-12-11 Julien BRIANCEAU <jbrianceau@nds.com>
Implement add64 for SH4 assembler to fix build after r136601
https://bugs.webkit.org/show_bug.cgi?id=104377
Reviewed by Zoltan Herczeg.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::add64):
(MacroAssemblerSH4):
2012-12-10 Yury Semikhatsky <yurys@chromium.org>
Memory instrumentation: make sure each edge is reported only once
https://bugs.webkit.org/show_bug.cgi?id=104630
Reviewed by Pavel Feldman.
Changed exported symbols for MemoryInstrumentation.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2012-12-10 Filip Pizlo <fpizlo@apple.com>
Don't OSR exit just because a string is a rope
https://bugs.webkit.org/show_bug.cgi?id=104621
Reviewed by Michael Saboff.
Slight SunSpider speed-up at around the 0.7% level. This patch does the obvious
thing of calling a slow path to resolve ropes rather than OSR exiting if the
string is a rope.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::getIndexedPropertyStorageMayTriggerGC):
(ArrayMode):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::putStructureStoreElimination):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
2012-12-10 Gustavo Noronha Silva <gns@gnome.org>
Unreviewed distcheck fix.
* GNUmakefile.list.am:
2012-12-10 Filip Pizlo <fpizlo@apple.com>
JSC profiling and debug dump code should use inferred names when possible
https://bugs.webkit.org/show_bug.cgi?id=104519
Reviewed by Oliver Hunt.
This does as advertised: the profiler now knows the inferred name of all code blocks,
and all uses of CodeBlock::dump() dump it along with the hash.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::inferredName):
(JSC::CodeBlock::dumpAssumingJITType):
* bytecode/CodeBlock.h:
* profiler/ProfilerBytecodes.cpp:
(JSC::Profiler::Bytecodes::Bytecodes):
(JSC::Profiler::Bytecodes::toJS):
* profiler/ProfilerBytecodes.h:
(JSC::Profiler::Bytecodes::inferredName):
* profiler/ProfilerDatabase.cpp:
(JSC::Profiler::Database::addBytecodes):
(JSC::Profiler::Database::ensureBytecodesFor):
* profiler/ProfilerDatabase.h:
* runtime/CommonIdentifiers.h:
2012-12-09 Filip Pizlo <fpizlo@apple.com>
Profiler should say things about OSR exits
https://bugs.webkit.org/show_bug.cgi?id=104497
Reviewed by Oliver Hunt.
This adds support for profiling OSR exits. For each exit that is taken, the profiler
records the machine code address that the exit occurred on, the exit kind, the origin
stack, and the number of times that it happened.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* assembler/AbstractMacroAssembler.h:
(Jump):
(JSC::AbstractMacroAssembler::Jump::label):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::saveCompilation):
(CodeBlock):
(JSC::CodeBlock::compilation):
(DFGData):
* bytecode/DFGExitProfile.h:
(DFG):
* bytecode/ExitKind.cpp: Added.
(JSC):
(JSC::exitKindToString):
(JSC::exitKindIsCountable):
(WTF):
(WTF::printInternal):
* bytecode/ExitKind.h: Added.
(JSC):
(WTF):
* dfg/DFGGraph.h:
(Graph):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
(JITCompiler):
* dfg/DFGOSRExitCompiler.cpp:
* jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompile):
* jit/JIT.h:
(JIT):
* jit/JumpReplacementWatchpoint.h:
(JSC::JumpReplacementWatchpoint::sourceLabel):
(JumpReplacementWatchpoint):
* profiler/ProfilerCompilation.cpp:
(JSC::Profiler::Compilation::addOSRExitSite):
(Profiler):
(JSC::Profiler::Compilation::addOSRExit):
(JSC::Profiler::Compilation::toJS):
* profiler/ProfilerCompilation.h:
(Compilation):
* profiler/ProfilerDatabase.cpp:
(JSC::Profiler::Database::newCompilation):
* profiler/ProfilerDatabase.h:
(Database):
* profiler/ProfilerOSRExit.cpp: Added.
(Profiler):
(JSC::Profiler::OSRExit::OSRExit):
(JSC::Profiler::OSRExit::~OSRExit):
(JSC::Profiler::OSRExit::toJS):
* profiler/ProfilerOSRExit.h: Added.
(Profiler):
(OSRExit):
(JSC::Profiler::OSRExit::id):
(JSC::Profiler::OSRExit::origin):
(JSC::Profiler::OSRExit::exitKind):
(JSC::Profiler::OSRExit::isWatchpoint):
(JSC::Profiler::OSRExit::counterAddress):
(JSC::Profiler::OSRExit::count):
* profiler/ProfilerOSRExitSite.cpp: Added.
(Profiler):
(JSC::Profiler::OSRExitSite::toJS):
* profiler/ProfilerOSRExitSite.h: Added.
(Profiler):
(OSRExitSite):
(JSC::Profiler::OSRExitSite::OSRExitSite):
(JSC::Profiler::OSRExitSite::codeAddress):
* runtime/CommonIdentifiers.h:
2012-12-10 Alexis Menard <alexis@webkit.org>
[CSS3 Backgrounds and Borders] Remove CSS3_BACKGROUND feature flag.
https://bugs.webkit.org/show_bug.cgi?id=104539
Reviewed by Antonio Gomes.
As discussed on webkit-dev it is not needed to keep this feature flag
as support for <position> type is a small feature that is already
implemented by three other UAs. It was useful while landing this
feature as partial bits were landed one after one.
* Configurations/FeatureDefines.xcconfig:
2012-12-09 Filip Pizlo <fpizlo@apple.com>
DFG ArrayPush/Pop should not pass their second child as the index for blessArrayOperation()
https://bugs.webkit.org/show_bug.cgi?id=104500
Reviewed by Oliver Hunt.
Slight across-the-board speed-up.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
2012-12-08 Filip Pizlo <fpizlo@apple.com>
JSC should scale the optimization threshold for a code block according to the cost of compiling it
https://bugs.webkit.org/show_bug.cgi?id=104406
Reviewed by Oliver Hunt.
We've long known that we want to scale the execution count threshold needed for the DFG
to kick in to scale according to some estimate of the cost of compiling that code block.
This institutes a relationship like this:
threshold = thresholdSetting * (a * sqrt(instructionCount + b) + abs(c * instructionCount) + d
Where a, b, c, d are coefficients derived from fitting the above expression to various
data points, which I chose based on looking at one benchmark (3d-cube) and from my
own intuitions.
Making this work well also required changing the thresholdForOptimizeAfterLongWarmUp
from 5000 to 1000.
This is a >1% speed-up on SunSpider, a >3% speed-up on V8Spider, ~1% speed-up on V8v7,
neutral on Octane, and neutral on Kraken.
I also out-of-lined a bunch of methods related to these heuristics, because I couldn't
stand having them defined in the header anymore. I also made improvements to debugging
code because I needed it for tuning this change.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::sourceCodeForTools):
(JSC::CodeBlock::sourceCodeOnOneLine):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::reoptimizationRetryCounter):
(JSC::CodeBlock::countReoptimization):
(JSC::CodeBlock::optimizationThresholdScalingFactor):
(JSC::clipThreshold):
(JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
(JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
(JSC::CodeBlock::counterValueForOptimizeSoon):
(JSC::CodeBlock::checkIfOptimizationThresholdReached):
(JSC::CodeBlock::optimizeNextInvocation):
(JSC::CodeBlock::dontOptimizeAnytimeSoon):
(JSC::CodeBlock::optimizeAfterWarmUp):
(JSC::CodeBlock::optimizeAfterLongWarmUp):
(JSC::CodeBlock::optimizeSoon):
(JSC::CodeBlock::adjustedExitCountThreshold):
(JSC::CodeBlock::exitCountThresholdForReoptimization):
(JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
(JSC::CodeBlock::shouldReoptimizeNow):
(JSC::CodeBlock::shouldReoptimizeFromLoopNow):
* bytecode/CodeBlock.h:
* bytecode/ExecutionCounter.cpp:
(JSC::ExecutionCounter::hasCrossedThreshold):
* bytecode/ReduceWhitespace.cpp: Added.
(JSC::reduceWhitespace):
* bytecode/ReduceWhitespace.h: Added.
* dfg/DFGCapabilities.cpp:
(JSC::DFG::mightCompileEval):
(JSC::DFG::mightCompileProgram):
(JSC::DFG::mightCompileFunctionForCall):
(JSC::DFG::mightCompileFunctionForConstruct):
(JSC::DFG::mightInlineFunctionForCall):
(JSC::DFG::mightInlineFunctionForConstruct):
* dfg/DFGCapabilities.h:
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dumpHeader):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* jit/JITDisassembler.cpp:
(JSC::JITDisassembler::dumpHeader):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::entryOSR):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* profiler/ProfilerDatabase.cpp:
(JSC::Profiler::Database::ensureBytecodesFor):
* runtime/Options.h:
2012-12-07 Jonathan Liu <net147@gmail.com>
Add missing forward declaration for JSC::ArrayAllocationProfile
https://bugs.webkit.org/show_bug.cgi?id=104425
Reviewed by Kentaro Hara.
The header for the JSC::ArrayConstructor class is missing a forward
declaration for the JSC::ArrayAllocationProfile class which causes
compilation to fail when compiling with MinGW-w64.
* runtime/ArrayConstructor.h:
(JSC):
2012-12-07 Jonathan Liu <net147@gmail.com>
Add missing const qualifier to JSC::CodeBlock::getJITType()
https://bugs.webkit.org/show_bug.cgi?id=104424
Reviewed by Laszlo Gombos.
JSC::CodeBlock::getJITType() has the const qualifier when JIT is
enabled but is missing the const qualifier when JIT is disabled.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::getJITType):
2012-12-07 Oliver Hunt <oliver@apple.com>
Make function code cache proportional to main codeblock cache
https://bugs.webkit.org/show_bug.cgi?id=104420
Reviewed by Geoffrey Garen.
Makes the constants determining the recently used function cache proportional
to the number of root codeblocks in the cache. Also renames the constants to
make them more clear.
* runtime/CodeCache.h:
2012-12-06 Filip Pizlo <fpizlo@apple.com>
Strange results calculating a square root in a loop
https://bugs.webkit.org/show_bug.cgi?id=104247
<rdar://problem/12826880>
Reviewed by Oliver Hunt.
Fixed the CFG simplification phase to ignore dead GetLocals in the first of the blocks
under the merge. This fixes the assertion, and is also cleaner: our general rule is
to not "revive" things that we've already proved to be dead.
Also fixed some rotted debug code.
* dfg/DFGCFGSimplificationPhase.cpp:
(JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
* dfg/DFGStructureCheckHoistingPhase.cpp:
(JSC::DFG::StructureCheckHoistingPhase::run):
2012-12-07 Geoffrey Garen <ggaren@apple.com>
Crash in JSC::Bindings::RootObject::globalObject() sync'ing notes in Evernote
https://bugs.webkit.org/show_bug.cgi?id=104321
<rdar://problem/12770497>
Reviewed by Sam Weinig.
Work around a JSValueUnprotect(NULL) in Evernote.
* API/JSValueRef.cpp:
(evernoteHackNeeded):
(JSValueUnprotect):
2012-12-06 Filip Pizlo <fpizlo@apple.com>
Incorrect inequality for checking whether a statement is within bounds of a handler
https://bugs.webkit.org/show_bug.cgi?id=104313
<rdar://problem/12808934>
Reviewed by Geoffrey Garen.
The most relevant change is in handlerForBytecodeOffset(), which fixes the inequality
used for checking whether a handler is pertinent to the current instruction. '<' is
correct, but '<=' isn't, since the 'end' is not inclusive.
Also found, and addressed, a benign goof in how the finally inliner works: sometimes
we will have end > start. This falls out naturally from how the inliner works and how
we pop scopes in the bytecompiler, but it's sufficiently surprising that, to avoid any
future confusion, I added a comment and some code to prune those handlers out. Because
of how the handler resolution works, these handlers would have been skipped anyway.
Also made various fixes to debugging code, which was necessary for tracking this down.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::handlerForBytecodeOffset):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::generate):
* bytecompiler/Label.h:
(JSC::Label::bind):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):
* llint/LLIntExceptions.cpp:
(JSC::LLInt::interpreterThrowInCaller):
(JSC::LLInt::returnToThrow):
(JSC::LLInt::callToThrow):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::handleHostCall):
2012-12-06 Rick Byers <rbyers@chromium.org>
CSS cursor property should support webkit-image-set
https://bugs.webkit.org/show_bug.cgi?id=99493
Reviewed by Beth Dakin.
Add ENABLE_MOUSE_CURSOR_SCALE (disabled by default)
* Configurations/FeatureDefines.xcconfig:
2012-12-06 Laszlo Gombos <l.gombos@samsung.com>
[CMake] Consolidate list of files to build for JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=104287
Reviewed by Gyuyoung Kim.
Add MemoryStatistics.cpp and ExecutableAllocator.cpp to the common
list of files and remove them from the port specific lists.
* CMakeLists.txt:
* PlatformBlackBerry.cmake:
* PlatformEfl.cmake:
* PlatformWinCE.cmake:
2012-12-06 Oliver Hunt <oliver@apple.com>
Tell heap that we've released all the compiled code.
Reviewed by Geoff Garen.
When we discard compiled code, inform the heap that we've
released an entire object graph. This informs the heap that
it might want to perform a GC soon.
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::discardAllCode):
2012-12-06 Laszlo Gombos <l.gombos@samsung.com>
[EFL] Remove ENABLE_GLIB_SUPPORT CMake variable
https://bugs.webkit.org/show_bug.cgi?id=104278
Reviewed by Brent Fulgham.
The conditional is not required as it is always set for EFL.
* PlatformEfl.cmake:
2012-12-06 Oliver Hunt <oliver@apple.com>
Build fix, last patch rolled out logic that is now needed on ToT.
* parser/ASTBuilder.h:
(ASTBuilder):
(JSC::ASTBuilder::setFunctionStart):
* parser/Nodes.h:
(JSC::FunctionBodyNode::setFunctionStart):
(JSC::FunctionBodyNode::functionStart):
(FunctionBodyNode):
* parser/Parser.cpp:
(JSC::::parseFunctionInfo):
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::setFunctionStart):
2012-12-05 Oliver Hunt <oliver@apple.com>
Remove harmful string->function cache
https://bugs.webkit.org/show_bug.cgi?id=104193
Reviewed by Alexey Proskuryakov.
Remove the string->function code cache that turned out to actually
be quite harmful.
* runtime/CodeCache.cpp:
(JSC::CodeCache::getFunctionCodeBlock):
* runtime/CodeCache.h:
(JSC::CodeCache::clear):
2012-12-05 Halton Huo <halton.huo@intel.com>
[CMake] Unify coding style for CMake files
https://bugs.webkit.org/show_bug.cgi?id=103605
Reviewed by Laszlo Gombos.
Update cmake files(.cmake, CMakeLists.txt) with following style rules:
1. Indentation
1.1 Use spaces, not tabs.
1.2 Four spaces as indent.
2. Spacing
2.1 Place one space between control statements and their parentheses.
For eg, if (), else (), elseif (), endif (), foreach (),
endforeach (), while (), endwhile (), break ().
2.2 Do not place spaces between function and macro statements and
their parentheses. For eg, macro(), endmacro(), function(),
endfunction().
2.3 Do not place spaces between a command or function or macro and its
parentheses, or between a parenthesis and its content. For eg,
message("testing") not message( "testing") or message ("testing" )
2.4 No space at line ending.
3. Lowercase when call commands macros and functions. For eg,
add_executable() not ADD_EXECUTABLE(), set() not SET().
* CMakeLists.txt:
* PlatformBlackBerry.cmake:
* PlatformEfl.cmake:
* PlatformWinCE.cmake:
* shell/CMakeLists.txt:
* shell/PlatformBlackBerry.cmake:
* shell/PlatformEfl.cmake:
* shell/PlatformWinCE.cmake:
2012-12-05 Oliver Hunt <oliver@apple.com>
Empty parse cache when receiving a low memory warning
https://bugs.webkit.org/show_bug.cgi?id=104161
Reviewed by Filip Pizlo.
This adds a function to the globaldata to empty all code related data
structures (code in the heap and the code cache).
It also adds a function to allow the CodeCache to actually be cleared
at all.
* runtime/CodeCache.h:
(CacheMap):
(JSC::CacheMap::clear):
(JSC::CodeCache::clear):
(CodeCache):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::discardAllCode):
(JSC):
* runtime/JSGlobalData.h:
(JSGlobalData):
2012-12-05 Filip Pizlo <fpizlo@apple.com>
JSC profiler should not count executions of op_call_put_result because doing so changes DFG codegen
https://bugs.webkit.org/show_bug.cgi?id=104102
Reviewed by Oliver Hunt.
This removes op_call_put_result from profiling, since profiling it has an effect on
codegen. This fix enables all of SunSpider, V8, and Kraken to be profiled with the
new profiler.
To make this all fit together, the profiler now also reports in its output the exact
bytecode opcode name for each instruction (in addition to the stringified dump of that
bytecode), so that tools that grok the output can take note of op_call_put_result and
work around the fact that it has no counts.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* profiler/ProfilerBytecode.cpp:
(JSC::Profiler::Bytecode::toJS):
* profiler/ProfilerBytecode.h:
(JSC::Profiler::Bytecode::Bytecode):
(JSC::Profiler::Bytecode::opcodeID):
(Bytecode):
* profiler/ProfilerDatabase.cpp:
(JSC::Profiler::Database::ensureBytecodesFor):
* runtime/CommonIdentifiers.h:
2012-12-04 Filip Pizlo <fpizlo@apple.com>
display-profiler-output should be able to show source code
https://bugs.webkit.org/show_bug.cgi?id=104073
Reviewed by Oliver Hunt.
Modify the profiler database to store source code. For functions, we store the
function including the function signature.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::unlinkedCodeBlock):
(CodeBlock):
* profiler/ProfilerBytecodes.cpp:
(JSC::Profiler::Bytecodes::Bytecodes):
(JSC::Profiler::Bytecodes::toJS):
* profiler/ProfilerBytecodes.h:
(Bytecodes):
(JSC::Profiler::Bytecodes::sourceCode):
* profiler/ProfilerDatabase.cpp:
(JSC::Profiler::Database::addBytecodes):
(JSC::Profiler::Database::ensureBytecodesFor):
* profiler/ProfilerDatabase.h:
(Database):
* runtime/CommonIdentifiers.h:
* runtime/Executable.h:
(FunctionExecutable):
(JSC::FunctionExecutable::unlinkedExecutable):
2012-12-02 Filip Pizlo <fpizlo@apple.com>
JSC should be able to report profiling data associated with the IR dumps and disassembly
https://bugs.webkit.org/show_bug.cgi?id=102999
Reviewed by Gavin Barraclough.
Added a new profiler to JSC. It's simply called "Profiler" in anticipation of it
ultimately replacing the previous profiling infrastructure. This profiler counts the
number of times that a bytecode executes in various engines, and will record both the
counts and all disassembly and bytecode dumps, into a database that can be at any
time turned into either a JS object using any global object or global data of your
choice, or can be turned into a JSON string, or saved to a file.
Currently the only use of this is the new '-p <file>' flag to the jsc command-line.
The profiler is always compiled in and normally incurs no execution time cost, but is
only activated when you create a Profiler::Database and install it in
JSGlobalData::m_perBytecodeProfiler. From that point on, all code blocks will be
compiled along with disassembly and bytecode dumps stored into the Profiler::Database,
and all code blocks will have execution counts, which are also stored in the database.
The database will continue to keep information about code blocks alive even after they
are otherwise GC'd.
This currently still has some glitches, like the fact that it only counts executions
in the JITs. Doing execution counting in the LLInt might require a bit of a rethink
about how the counting is expressed - currently it is implicit in bytecode, so there
is no easy way to "turn it on" in the LLInt. Also, right now there is no information
recorded about OSR exits or out-of-line stubs. But, even so, it's quite cool, and
gives you a peek into what JSC is doing that would otherwise not be possible.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
* bytecode/CodeBlock.h:
(CodeBlock):
(JSC::CodeBlock::baselineVersion):
* bytecode/CodeOrigin.cpp:
(JSC::InlineCallFrame::baselineCodeBlock):
(JSC):
* bytecode/CodeOrigin.h:
(InlineCallFrame):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dump):
(DFG):
(JSC::DFG::Disassembler::reportToProfiler):
(JSC::DFG::Disassembler::dumpHeader):
(JSC::DFG::Disassembler::append):
(JSC::DFG::Disassembler::createDumpList):
* dfg/DFGDisassembler.h:
(Disassembler):
(JSC::DFG::Disassembler::DumpedOp::DumpedOp):
(DumpedOp):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::Graph):
(JSC::DFG::Graph::dumpCodeOrigin):
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(Graph):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGNode.h:
(Node):
(JSC::DFG::Node::hasExecutionCounter):
(JSC::DFG::Node::executionCounter):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompile):
* jit/JIT.h:
(JIT):
* jit/JITDisassembler.cpp:
(JSC::JITDisassembler::dump):
(JSC::JITDisassembler::reportToProfiler):
(JSC):
(JSC::JITDisassembler::dumpHeader):
(JSC::JITDisassembler::firstSlowLabel):
(JSC::JITDisassembler::dumpVectorForInstructions):
(JSC::JITDisassembler::dumpForInstructions):
(JSC::JITDisassembler::reportInstructions):
* jit/JITDisassembler.h:
(JITDisassembler):
(DumpedOp):
* jsc.cpp:
(CommandLine::CommandLine):
(CommandLine):
(printUsageStatement):
(CommandLine::parseArguments):
(jscmain):
* profiler/ProfilerBytecode.cpp: Added.
(Profiler):
(JSC::Profiler::Bytecode::toJS):
* profiler/ProfilerBytecode.h: Added.
(Profiler):
(Bytecode):
(JSC::Profiler::Bytecode::Bytecode):
(JSC::Profiler::Bytecode::bytecodeIndex):
(JSC::Profiler::Bytecode::description):
(JSC::Profiler::getBytecodeIndexForBytecode):
* profiler/ProfilerBytecodes.cpp: Added.
(Profiler):
(JSC::Profiler::Bytecodes::Bytecodes):
(JSC::Profiler::Bytecodes::~Bytecodes):
(JSC::Profiler::Bytecodes::indexForBytecodeIndex):
(JSC::Profiler::Bytecodes::forBytecodeIndex):
(JSC::Profiler::Bytecodes::dump):
(JSC::Profiler::Bytecodes::toJS):
* profiler/ProfilerBytecodes.h: Added.
(Profiler):
(Bytecodes):
(JSC::Profiler::Bytecodes::append):
(JSC::Profiler::Bytecodes::id):
(JSC::Profiler::Bytecodes::hash):
(JSC::Profiler::Bytecodes::size):
(JSC::Profiler::Bytecodes::at):
* profiler/ProfilerCompilation.cpp: Added.
(Profiler):
(JSC::Profiler::Compilation::Compilation):
(JSC::Profiler::Compilation::~Compilation):
(JSC::Profiler::Compilation::addDescription):
(JSC::Profiler::Compilation::executionCounterFor):
(JSC::Profiler::Compilation::toJS):
* profiler/ProfilerCompilation.h: Added.
(Profiler):
(Compilation):
(JSC::Profiler::Compilation::bytecodes):
(JSC::Profiler::Compilation::kind):
* profiler/ProfilerCompilationKind.cpp: Added.
(WTF):
(WTF::printInternal):
* profiler/ProfilerCompilationKind.h: Added.
(Profiler):
(WTF):
* profiler/ProfilerCompiledBytecode.cpp: Added.
(Profiler):
(JSC::Profiler::CompiledBytecode::CompiledBytecode):
(JSC::Profiler::CompiledBytecode::~CompiledBytecode):
(JSC::Profiler::CompiledBytecode::toJS):
* profiler/ProfilerCompiledBytecode.h: Added.
(Profiler):
(CompiledBytecode):
(JSC::Profiler::CompiledBytecode::originStack):
(JSC::Profiler::CompiledBytecode::description):
* profiler/ProfilerDatabase.cpp: Added.
(Profiler):
(JSC::Profiler::Database::Database):
(JSC::Profiler::Database::~Database):
(JSC::Profiler::Database::addBytecodes):
(JSC::Profiler::Database::ensureBytecodesFor):
(JSC::Profiler::Database::notifyDestruction):
(JSC::Profiler::Database::newCompilation):
(JSC::Profiler::Database::toJS):
(JSC::Profiler::Database::toJSON):
(JSC::Profiler::Database::save):
* profiler/ProfilerDatabase.h: Added.
(Profiler):
(Database):
* profiler/ProfilerExecutionCounter.h: Added.
(Profiler):
(ExecutionCounter):
(JSC::Profiler::ExecutionCounter::ExecutionCounter):
(JSC::Profiler::ExecutionCounter::address):
(JSC::Profiler::ExecutionCounter::count):
* profiler/ProfilerOrigin.cpp: Added.
(Profiler):
(JSC::Profiler::Origin::Origin):
(JSC::Profiler::Origin::dump):
(JSC::Profiler::Origin::toJS):
* profiler/ProfilerOrigin.h: Added.
(JSC):
(Profiler):
(Origin):
(JSC::Profiler::Origin::Origin):
(JSC::Profiler::Origin::operator!):
(JSC::Profiler::Origin::bytecodes):
(JSC::Profiler::Origin::bytecodeIndex):
(JSC::Profiler::Origin::operator!=):
(JSC::Profiler::Origin::operator==):
(JSC::Profiler::Origin::hash):
(JSC::Profiler::Origin::isHashTableDeletedValue):
(JSC::Profiler::OriginHash::hash):
(JSC::Profiler::OriginHash::equal):
(OriginHash):
(WTF):
* profiler/ProfilerOriginStack.cpp: Added.
(Profiler):
(JSC::Profiler::OriginStack::OriginStack):
(JSC::Profiler::OriginStack::~OriginStack):
(JSC::Profiler::OriginStack::append):
(JSC::Profiler::OriginStack::operator==):
(JSC::Profiler::OriginStack::hash):
(JSC::Profiler::OriginStack::dump):
(JSC::Profiler::OriginStack::toJS):
* profiler/ProfilerOriginStack.h: Added.
(JSC):
(Profiler):
(OriginStack):
(JSC::Profiler::OriginStack::OriginStack):
(JSC::Profiler::OriginStack::operator!):
(JSC::Profiler::OriginStack::size):
(JSC::Profiler::OriginStack::fromBottom):
(JSC::Profiler::OriginStack::fromTop):
(JSC::Profiler::OriginStack::isHashTableDeletedValue):
(JSC::Profiler::OriginStackHash::hash):
(JSC::Profiler::OriginStackHash::equal):
(OriginStackHash):
(WTF):
* runtime/CommonIdentifiers.h:
* runtime/ExecutionHarness.h:
(JSC::prepareForExecution):
(JSC::prepareFunctionForExecution):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
* runtime/JSGlobalData.h:
(JSGlobalData):
* runtime/Options.h:
(JSC):
2012-12-04 Filip Pizlo <fpizlo@apple.com>
Rename Profiler to LegacyProfiler
https://bugs.webkit.org/show_bug.cgi?id=104031
Rubber stamped by Mark Hahnenberg
Make room in the namespace for https://bugs.webkit.org/show_bug.cgi?id=102999.
* API/JSProfilerPrivate.cpp:
(JSStartProfiling):
(JSEndProfiling):
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
* jit/JIT.h:
* jit/JITCode.h:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
(JSC):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* profiler/LegacyProfiler.cpp: Added.
(JSC):
(JSC::LegacyProfiler::profiler):
(JSC::LegacyProfiler::startProfiling):
(JSC::LegacyProfiler::stopProfiling):
(JSC::dispatchFunctionToProfiles):
(JSC::LegacyProfiler::willExecute):
(JSC::LegacyProfiler::didExecute):
(JSC::LegacyProfiler::exceptionUnwind):
(JSC::LegacyProfiler::createCallIdentifier):
(JSC::createCallIdentifierFromFunctionImp):
* profiler/LegacyProfiler.h: Added.
(JSC):
(LegacyProfiler):
(JSC::LegacyProfiler::currentProfiles):
* profiler/ProfileGenerator.cpp:
(JSC::ProfileGenerator::addParentForConsoleStart):
* profiler/ProfileNode.cpp:
* profiler/Profiler.cpp: Removed.
* profiler/Profiler.h: Removed.
* runtime/JSGlobalData.h:
(JSC):
(JSC::JSGlobalData::enabledProfiler):
(JSGlobalData):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::~JSGlobalObject):
2012-12-03 Filip Pizlo <fpizlo@apple.com>
DFG should inline code blocks that use scoped variable access
https://bugs.webkit.org/show_bug.cgi?id=103974
Reviewed by Oliver Hunt.
This mostly just turns on something we could have done all along, but also adds a few key
necessities to make this right:
1) Constant folding of SkipScope, since if we inline with a known JSFunction* then the
scope is constant.
2) Interference analysis for GetLocal<->PutScopedVar and SetLocal<->GetScopedVar.
This is not meant to be a speed-up on major benchmarks since we don't yet inline most
closure calls for entirely unrelated reasons. But on toy programs it can be >2x faster.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getScope):
(JSC::DFG::ByteCodeParser::parseResolveOperations):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::scopedVarLoadElimination):
(JSC::DFG::CSEPhase::scopedVarStoreElimination):
(JSC::DFG::CSEPhase::getLocalLoadElimination):
(JSC::DFG::CSEPhase::setLocalStoreElimination):
* dfg/DFGCapabilities.h:
(JSC::DFG::canInlineResolveOperations):
2012-12-03 Filip Pizlo <fpizlo@apple.com>
Replace JSValue::description() with JSValue::dump(PrintStream&)
https://bugs.webkit.org/show_bug.cgi?id=103866
Reviewed by Darin Adler.
JSValue now has a dump() method. Anywhere that you would have wanted to use
description(), you can either do toCString(value).data(), or if the callee
is a print()/dataLog() method then you just pass the value directly.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* bytecode/CodeBlock.cpp:
(JSC::valueToSourceString):
(JSC::CodeBlock::finalizeUnconditionally):
* bytecode/ValueProfile.h:
(JSC::ValueProfileBase::dump):
* bytecode/ValueRecovery.h:
(JSC::ValueRecovery::dump):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::dump):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::dumpRegisters):
* jsc.cpp:
(functionDescribe):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::llint_trace_value):
* runtime/JSValue.cpp:
(JSC::JSValue::dump):
* runtime/JSValue.h:
2012-12-04 Filip Pizlo <fpizlo@apple.com>
jsc command line tool's support for typed arrays should be robust against array buffer allocation errors
https://bugs.webkit.org/show_bug.cgi?id=104020
<rdar://problem/12802478>
Reviewed by Mark Hahnenberg.
Check for null buffers, since that's what typed array allocators are supposed to do. WebCore does it,
and that is indeed the contract of ArrayBuffer and TypedArrayBase.
* JSCTypedArrayStubs.h:
(JSC):
2012-12-03 Peter Rybin <prybin@chromium.org>
Web Inspector: make ASSERTION FAILED: foundPropertiesCount == object->size() more useful
https://bugs.webkit.org/show_bug.cgi?id=103254
Reviewed by Pavel Feldman.
Missing symbol WTFReportFatalError is added to the linker list.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2012-12-03 Alexis Menard <alexis@webkit.org>
[Mac] Enable CSS3 background-position offset by default.
https://bugs.webkit.org/show_bug.cgi?id=103905
Reviewed by Simon Fraser.
Turn the flag on by default.
* Configurations/FeatureDefines.xcconfig:
2012-12-02 Filip Pizlo <fpizlo@apple.com>
DFG should trigger rage conversion from double to contiguous if it sees a GetByVal on Double being used in an integer context
https://bugs.webkit.org/show_bug.cgi?id=103858
Reviewed by Gavin Barraclough.
A rage conversion from double to contiguous is one where you try to convert each
double to an int32.
This is probably not the last we'll hear of rage conversion from double to contiguous.
It may be better to do this right during parsing, which will result in fewer cases of
Arrayification. But even so, this looks like a straight win already - 1% speed-up on
Kraken, no major regression anywhere else.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::refine):
(JSC::DFG::arrayConversionToString):
(JSC::DFG::ArrayMode::dump):
(WTF):
(WTF::printInternal):
* dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::withConversion):
(ArrayMode):
(JSC::DFG::ArrayMode::doesConversion):
(WTF):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupBlock):
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::checkArray):
(FixupPhase):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGNodeFlags.h:
(DFG):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::arrayify):
* dfg/DFGStructureCheckHoistingPhase.cpp:
(JSC::DFG::StructureCheckHoistingPhase::run):
* runtime/JSObject.cpp:
(JSC):
(JSC::JSObject::genericConvertDoubleToContiguous):
(JSC::JSObject::convertDoubleToContiguous):
(JSC::JSObject::rageConvertDoubleToContiguous):
(JSC::JSObject::ensureContiguousSlow):
(JSC::JSObject::rageEnsureContiguousSlow):
* runtime/JSObject.h:
(JSObject):
(JSC::JSObject::rageEnsureContiguous):
2012-12-02 Filip Pizlo <fpizlo@apple.com>
DFG CSE should not keep alive things that aren't relevant to OSR
https://bugs.webkit.org/show_bug.cgi?id=103849
Reviewed by Oliver Hunt.
Most Phantom nodes are inserted by CSE, and by default have the same children as the
node that CSE had eliminated. This change makes CSE inspect all Phantom nodes (both
those it creates and those that were created by other phases) to see if they have
children that are redundant - i.e. children that are not interesting to OSR, which
is the only reason why Phantoms exist in the first place. Being relevant to OSR is
defined as one of: (1) you're a Phi, (2) you're a SetLocal, (3) somewhere between
your definition and the Phantom there was a SetLocal that referred to you.
This is a slight speed-up in a few places.
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::CSEPhase):
(JSC::DFG::CSEPhase::run):
(JSC::DFG::CSEPhase::performSubstitution):
(CSEPhase):
(JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
(JSC::DFG::CSEPhase::setReplacement):
(JSC::DFG::CSEPhase::eliminate):
(JSC::DFG::CSEPhase::performNodeCSE):
(JSC::DFG::CSEPhase::performBlockCSE):
2012-12-02 Filip Pizlo <fpizlo@apple.com>
It should be possible to build and run with DFG_ENABLE(PROPAGATION_VERBOSE)
https://bugs.webkit.org/show_bug.cgi?id=103848
Reviewed by Sam Weinig.
Fix random dataLog() and print() statements.
* dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseCodeBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dumpBlockHeader):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGStructureCheckHoistingPhase.cpp:
(JSC::DFG::StructureCheckHoistingPhase::run):
2012-12-01 Filip Pizlo <fpizlo@apple.com>
CodeBlock should be able to dump bytecode to something other than WTF::dataFile()
https://bugs.webkit.org/show_bug.cgi?id=103832
Reviewed by Oliver Hunt.
Add a PrintStream& argument to all of the CodeBlock bytecode dumping methods.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecodeCommentAndNewLine):
(JSC::CodeBlock::printUnaryOp):
(JSC::CodeBlock::printBinaryOp):
(JSC::CodeBlock::printConditionalJump):
(JSC::CodeBlock::printGetByIdOp):
(JSC::dumpStructure):
(JSC::dumpChain):
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::printCallOp):
(JSC::CodeBlock::printPutByIdOp):
(JSC::CodeBlock::printStructure):
(JSC::CodeBlock::printStructures):
(JSC::CodeBlock::dumpBytecode):
* bytecode/CodeBlock.h:
(CodeBlock):
* jit/JITDisassembler.cpp:
(JSC::JITDisassembler::dumpForInstructions):
2012-11-30 Pierre Rossi <pierre.rossi@gmail.com>
[Qt] Unreviewed speculative Mac build fix after r136232
Update the include path so that LLIntAssembly.h is picked up.
The bot didn't break until later when a clean build was triggered.
* JavaScriptCore.pri:
2012-11-30 Oliver Hunt <oliver@apple.com>
Optimise more cases of op_typeof
https://bugs.webkit.org/show_bug.cgi?id=103783
Reviewed by Mark Hahnenberg.
Increase our coverage of typeof based typechecks by
making sure that the codegenerators always uses
consistent operand ordering when feeding typeof operations
into equality operations.
* bytecompiler/NodesCodegen.cpp:
(JSC::BinaryOpNode::emitBytecode):
(JSC::EqualNode::emitBytecode):
(JSC::StrictEqualNode::emitBytecode):
2012-11-30 Filip Pizlo <fpizlo@apple.com>
Rationalize and clean up DFG handling of scoped accesses
https://bugs.webkit.org/show_bug.cgi?id=103715
Reviewed by Oliver Hunt.
Previously, we had a GetScope node that specified the depth to which you wanted
to travel to get a JSScope, and the backend implementation of the node would
perform all of the necessary footwork, including potentially skipping the top
scope if necessary, and doing however many loads were needed. But there were
strange things. First, if you had accesses at different scope depths, then the
loads to get to the common depth could not be CSE'd - CSE would match only
GetScope's that had identical depth. Second, GetScope would be emitted even if
we already had the scope, for example in put_to_base. And finally, even though
the ResolveOperations could tell us whether or not we had to skip the top scope,
the backend would recompute this information itself, often pessimistically.
This eliminates GetScope and replaces it with the following:
GetMyScope: just get the JSScope from the call frame header. This will forever
mean getting the JSScope associated with the machine call frame; it will not
mean getting the scope of an inlined function. Or at least that's the intent.
SkipTopScope: check if there is an activation, and if so, skip a scope. This
takes a scope as a child and returns a scope.
SkipScope: skip one scope level.
The bytecode parser now emits the right combination of the above, and
potentially emits multiple SkipScope's, based on the ResolveOperations.
This change also includes some fixups to debug logging. We now always print
the ExecutableBase* in addition to the CodeBlock* in the CodeBlock's dump,
and we are now more verbose when dumping CodeOrigins and InlineCallFrames.
This is performance-neutral. It's just meant to be a clean-up.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpAssumingJITType):
* bytecode/CodeOrigin.cpp:
(JSC::CodeOrigin::inlineStack):
(JSC::CodeOrigin::dump):
(JSC):
(JSC::InlineCallFrame::dump):
* bytecode/CodeOrigin.h:
(CodeOrigin):
(InlineCallFrame):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(ByteCodeParser):
(JSC::DFG::ByteCodeParser::getScope):
(DFG):
(JSC::DFG::ByteCodeParser::parseResolveOperations):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::scopedVarLoadElimination):
(JSC::DFG::CSEPhase::scopedVarStoreElimination):
(JSC::DFG::CSEPhase::getMyScopeLoadElimination):
(JSC::DFG::CSEPhase::setLocalStoreElimination):
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dump):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dumpCodeOrigin):
(JSC::DFG::Graph::dumpBlockHeader):
* dfg/DFGNode.h:
(Node):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITDisassembler.cpp:
(JSC::JITDisassembler::dump):
2012-11-30 Oliver Hunt <oliver@apple.com>
Add direct string->function code cache
https://bugs.webkit.org/show_bug.cgi?id=103764
Reviewed by Michael Saboff.
A fairly logically simple patch. We now track the start of the
unique portion of a functions body, and use that as our key for
unlinked function code. This allows us to cache identical code
in different contexts, leading to a small but consistent improvement
on the benchmarks we track.
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedFunctionExecutable::functionStartOffset):
(UnlinkedFunctionExecutable):
* parser/ASTBuilder.h:
(ASTBuilder):
(JSC::ASTBuilder::setFunctionStart):
* parser/Nodes.cpp:
* parser/Nodes.h:
(JSC::FunctionBodyNode::setFunctionStart):
(JSC::FunctionBodyNode::functionStart):
(FunctionBodyNode):
* parser/Parser.cpp:
(JSC::::parseFunctionInfo):
* parser/Parser.h:
(JSC::Parser::findCachedFunctionInfo):
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::setFunctionStart):
* runtime/CodeCache.cpp:
(JSC::CodeCache::generateFunctionCodeBlock):
(JSC::CodeCache::getFunctionCodeBlock):
(JSC::CodeCache::usedFunctionCode):
* runtime/CodeCache.h:
2012-11-30 Allan Sandfeld Jensen <allan.jensen@digia.com>
Crash in conversion of empty OpaqueJSString to Identifier
https://bugs.webkit.org/show_bug.cgi?id=101867
Reviewed by Michael Saboff.
The constructor call used for both null and empty OpaqueJSStrings results
in an assertion voilation and crash. This patch instead uses the Identifier
constructors which are specifically for null and empty Identifier.
* API/OpaqueJSString.cpp:
(OpaqueJSString::identifier):
2012-11-30 Tor Arne Vestbø <tor.arne.vestbo@digia.com>
[Qt] Place the LLIntOffsetsExtractor binaries in debug/release subdirs on Mac
Otherwise we'll end up using the same LLIntAssembly.h for both build
configs of JavaScriptCore -- one of them which will be for the wrong
config.
Reviewed by Simon Hausmann.
* LLIntOffsetsExtractor.pro:
2012-11-30 Julien BRIANCEAU <jbrianceau@nds.com>
[sh4] Fix compilation warnings in JavaScriptCore JIT for sh4 arch
https://bugs.webkit.org/show_bug.cgi?id=103378
Reviewed by Filip Pizlo.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::branchTest32):
(JSC::MacroAssemblerSH4::branchAdd32):
(JSC::MacroAssemblerSH4::branchMul32):
(JSC::MacroAssemblerSH4::branchSub32):
(JSC::MacroAssemblerSH4::branchOr32):
2012-11-29 Rafael Weinstein <rafaelw@chromium.org>
[HTMLTemplateElement] Add feature flag
https://bugs.webkit.org/show_bug.cgi?id=103694
Reviewed by Adam Barth.
This flag will guard the implementation of the HTMLTemplateElement.
http://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/templates/index.html
* Configurations/FeatureDefines.xcconfig:
2012-11-29 Filip Pizlo <fpizlo@apple.com>
It should be easy to find code blocks in debug dumps
https://bugs.webkit.org/show_bug.cgi?id=103623
Reviewed by Goeffrey Garen.
This gives CodeBlock a relatively strong, but also relatively compact, hash. We compute
it lazily so that it only impacts run-time when debug support is enabled. We stringify
it smartly so that it's short and easy to type. We base it on the source code so that
the optimization level is irrelevant. And, we use SHA1 since it's already in our code
base. Now, when a piece of code wants to print some debugging to say that it's operating
on some code block, it can use this CodeBlockHash instead of memory addresses.
This also takes CodeBlock debugging into the new world of print() and dataLog(). In
particular, CodeBlock::dump() corresponds to the thing you want printed if you do:
dataLog("I heart ", *myCodeBlock);
Probably, you want to just print some identifying information at this point rather than
the full bytecode dump. So, the existing CodeBlock::dump() has been renamed to
CodeBlock::dumpBytecode(), and CodeBlock::dump() now prints the CodeBlockHash plus just
a few little tidbits.
Here's an example of CodeBlock::dump() output:
EkILzr:[0x103883a00, BaselineFunctionCall]
EkILzr is the CodeBlockHash. 0x103883a00 is the CodeBlock's address in memory. The other
part is self-explanatory.
Finally, this new notion of CodeBlockHash is available for other purposes like bisecting
breakage. As such CodeBlockHash has all of the comparison operator overloads. When
bisecting in DFGDriver.cpp, you can now say things like:
if (codeBlock->hash() < CodeBlockHash("CAAAAA"))
return false;
And yes, CAAAAA is near the median hash, and the largest one is smaller than E99999. Such
is life when you use base 62 to encode a 32-bit number.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/CallLinkInfo.h:
(CallLinkInfo):
(JSC::CallLinkInfo::specializationKind):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::hash):
(JSC):
(JSC::CodeBlock::dumpAssumingJITType):
(JSC::CodeBlock::dump):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::resetStubInternal):
(JSC::CodeBlock::reoptimize):
(JSC::ProgramCodeBlock::jettison):
(JSC::EvalCodeBlock::jettison):
(JSC::FunctionCodeBlock::jettison):
(JSC::CodeBlock::shouldOptimizeNow):
(JSC::CodeBlock::tallyFrequentExitSites):
(JSC::CodeBlock::dumpValueProfiles):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::specializationKind):
(CodeBlock):
(JSC::CodeBlock::getJITType):
* bytecode/CodeBlockHash.cpp: Added.
(JSC):
(JSC::CodeBlockHash::CodeBlockHash):
(JSC::CodeBlockHash::dump):
* bytecode/CodeBlockHash.h: Added.
(JSC):
(CodeBlockHash):
(JSC::CodeBlockHash::CodeBlockHash):
(JSC::CodeBlockHash::hash):
(JSC::CodeBlockHash::operator==):
(JSC::CodeBlockHash::operator!=):
(JSC::CodeBlockHash::operator<):
(JSC::CodeBlockHash::operator>):
(JSC::CodeBlockHash::operator<=):
(JSC::CodeBlockHash::operator>=):
* bytecode/CodeBlockWithJITType.h: Added.
(JSC):
(CodeBlockWithJITType):
(JSC::CodeBlockWithJITType::CodeBlockWithJITType):
(JSC::CodeBlockWithJITType::dump):
* bytecode/CodeOrigin.cpp: Added.
(JSC):
(JSC::CodeOrigin::inlineDepthForCallFrame):
(JSC::CodeOrigin::inlineDepth):
(JSC::CodeOrigin::inlineStack):
(JSC::InlineCallFrame::hash):
* bytecode/CodeOrigin.h:
(InlineCallFrame):
(JSC::InlineCallFrame::specializationKind):
(JSC):
* bytecode/CodeType.cpp: Added.
(WTF):
(WTF::printInternal):
* bytecode/CodeType.h:
(WTF):
* bytecode/ExecutionCounter.cpp:
(JSC::ExecutionCounter::dump):
* bytecode/ExecutionCounter.h:
(ExecutionCounter):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseCodeBlock):
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dump):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dumpCodeOrigin):
* dfg/DFGOSRExitCompiler.cpp:
* dfg/DFGOperations.cpp:
* dfg/DFGRepatch.cpp:
(JSC::DFG::generateProtoChainAccessStub):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::emitPutReplaceStub):
(JSC::DFG::emitPutTransitionStub):
(JSC::DFG::dfgLinkClosureCall):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::dumpCallFrame):
* jit/JITCode.cpp: Added.
(WTF):
(WTF::printInternal):
* jit/JITCode.h:
(JSC::JITCode::jitType):
(WTF):
* jit/JITDisassembler.cpp:
(JSC::JITDisassembler::dump):
(JSC::JITDisassembler::dumpForInstructions):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
(JSC::JIT::privateCompileGetByVal):
(JSC::JIT::privateCompilePutByVal):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/CodeSpecializationKind.cpp: Added.
(WTF):
(WTF::printInternal):
* runtime/CodeSpecializationKind.h:
(JSC::specializationFromIsCall):
(JSC):
(JSC::specializationFromIsConstruct):
(WTF):
* runtime/Executable.cpp:
(JSC::ExecutableBase::hashFor):
(JSC):
(JSC::NativeExecutable::hashFor):
(JSC::ScriptExecutable::hashFor):
* runtime/Executable.h:
(ExecutableBase):
(NativeExecutable):
(ScriptExecutable):
(JSC::ScriptExecutable::source):
2012-11-29 Michael Saboff <msaboff@apple.com>
Speculative Windows build fix after r136086.
Unreviewed build fix.
Suspect that ?setDumpsGeneratedCode@BytecodeGenerator@JSC@@SAX_N@Z needs to be removed from Windows
export list since the symbol was removed in r136086.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2012-11-28 Filip Pizlo <fpizlo@apple.com>
SpeculatedType dumping should not use the static char buffer[thingy] idiom
https://bugs.webkit.org/show_bug.cgi?id=103584
Reviewed by Michael Saboff.
Changed SpeculatedType to be "dumpable" by saying things like:
dataLog("thingy = ", SpeculationDump(thingy))
Removed the old stringification functions, and changed all code that referred to them
to use the new dataLog()/print() style.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/SpeculatedType.cpp:
(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::dumpSpeculationAbbreviated):
* bytecode/SpeculatedType.h:
* bytecode/ValueProfile.h:
(JSC::ValueProfileBase::dump):
* bytecode/VirtualRegister.h:
(WTF::printInternal):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::dump):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGGraph.h:
(Graph):
* dfg/DFGStructureAbstractValue.h:
* dfg/DFGVariableAccessDataDump.cpp: Added.
(JSC::DFG::VariableAccessDataDump::VariableAccessDataDump):
(JSC::DFG::VariableAccessDataDump::dump):
* dfg/DFGVariableAccessDataDump.h: Added.
(VariableAccessDataDump):
2012-11-28 Michael Saboff <msaboff@apple.com>
Change Bytecompiler s_dumpsGeneratedCode to an Options value
https://bugs.webkit.org/show_bug.cgi?id=103588
Reviewed by Filip Pizlo.
Moved the control of dumping bytecodes to Options::dumpGeneratedBytecodes.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
* bytecompiler/BytecodeGenerator.cpp:
* bytecompiler/BytecodeGenerator.h:
* jsc.cpp:
(runWithScripts):
* runtime/Options.h:
2012-11-28 Mark Hahnenberg <mhahnenberg@apple.com>
Copying phase should use work lists
https://bugs.webkit.org/show_bug.cgi?id=101390
Reviewed by Filip Pizlo.
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/BlockAllocator.cpp:
(JSC::BlockAllocator::BlockAllocator):
* heap/BlockAllocator.h: New RegionSet for CopyWorkListSegments.
(BlockAllocator):
(JSC::CopyWorkListSegment):
* heap/CopiedBlock.h: Added a per-block CopyWorkList to keep track of the JSCells that need to be revisited during the copying
phase to copy their backing stores.
(CopiedBlock):
(JSC::CopiedBlock::CopiedBlock):
(JSC::CopiedBlock::didSurviveGC):
(JSC::CopiedBlock::didEvacuateBytes): There is now a one-to-one relationship between GCThreads and the CopiedBlocks they're
responsible for evacuating, we no longer need any of that fancy compare and swap stuff.
(JSC::CopiedBlock::pin):
(JSC::CopiedBlock::hasWorkList):
(JSC::CopiedBlock::workList):
* heap/CopiedBlockInlines.h: Added.
(JSC::CopiedBlock::reportLiveBytes): Since we now have to grab a SpinLock to perform operations on the CopyWorkList during marking,
we don't need to do any of that fancy compare and swap stuff we were doing for tracking live bytes.
* heap/CopiedSpace.h:
(CopiedSpace):
* heap/CopiedSpaceInlines.h:
(JSC::CopiedSpace::pin):
* heap/CopyVisitor.cpp:
(JSC::CopyVisitor::copyFromShared): We now iterate over a range of CopiedBlocks rather than MarkedBlocks and revisit the cells in those
blocks' CopyWorkLists.
* heap/CopyVisitor.h:
(CopyVisitor):
* heap/CopyVisitorInlines.h:
(JSC::CopyVisitor::visitCell): The function responsible for calling the correct copyBackingStore() function for each JSCell from
a CopiedBlock's CopyWorkList.
(JSC::CopyVisitor::didCopy): We no longer need to check if the block is empty here because we know exactly when we're done
evacuating a CopiedBlock, which is when we've gone through all of the CopiedBlock's CopyWorkList.
* heap/CopyWorkList.h: Added.
(CopyWorkListSegment): Individual chunk of a CopyWorkList that is allocated from the BlockAllocator.
(JSC::CopyWorkListSegment::create):
(JSC::CopyWorkListSegment::size):
(JSC::CopyWorkListSegment::isFull):
(JSC::CopyWorkListSegment::get):
(JSC::CopyWorkListSegment::append):
(JSC::CopyWorkListSegment::CopyWorkListSegment):
(JSC::CopyWorkListSegment::data):
(JSC::CopyWorkListSegment::endOfBlock):
(CopyWorkListIterator): Responsible for giving CopyVisitors a contiguous notion of access across the separate CopyWorkListSegments
that make up each CopyWorkList.
(JSC::CopyWorkListIterator::get):
(JSC::CopyWorkListIterator::operator*):
(JSC::CopyWorkListIterator::operator->):
(JSC::CopyWorkListIterator::operator++):
(JSC::CopyWorkListIterator::operator==):
(JSC::CopyWorkListIterator::operator!=):
(JSC::CopyWorkListIterator::CopyWorkListIterator):
(CopyWorkList): Data structure that keeps track of the JSCells that need copying in a particular CopiedBlock.
(JSC::CopyWorkList::CopyWorkList):
(JSC::CopyWorkList::~CopyWorkList):
(JSC::CopyWorkList::append):
(JSC::CopyWorkList::begin):
(JSC::CopyWorkList::end):
* heap/GCThreadSharedData.cpp:
(JSC::GCThreadSharedData::GCThreadSharedData): We no longer use the m_blockSnapshot from the Heap during the copying phase.
(JSC::GCThreadSharedData::didStartCopying): We now copy the set of all blocks in the CopiedSpace to a separate vector for
iterating over during the copying phase since the set stored in the CopiedSpace will change as blocks are evacuated and
recycled throughout the copying phase.
* heap/GCThreadSharedData.h:
(GCThreadSharedData):
* heap/Heap.h:
(Heap):
* heap/SlotVisitor.h: We now need to know the object who is being marked that has a backing store so that we can store it
in a CopyWorkList to revisit later during the copying phase.
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::copyLater):
* runtime/JSObject.cpp:
(JSC::JSObject::visitButterfly):
2012-11-28 Filip Pizlo <fpizlo@apple.com>
Disassembly methods should be able to disassemble to any PrintStream& rather than always using WTF::dataFile()
https://bugs.webkit.org/show_bug.cgi?id=103492
Reviewed by Mark Hahnenberg.
Switched disassembly code to use PrintStream&, and to use print() rather than printf().
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dump):
(DFG):
(JSC::DFG::Disassembler::dumpDisassembly):
* dfg/DFGDisassembler.h:
(Disassembler):
* dfg/DFGGraph.cpp:
(JSC::DFG::printWhiteSpace):
(JSC::DFG::Graph::dumpCodeOrigin):
(JSC::DFG::Graph::printNodeWhiteSpace):
(JSC::DFG::Graph::dump):
(DFG):
(JSC::DFG::Graph::dumpBlockHeader):
* dfg/DFGGraph.h:
(Graph):
* jit/JITDisassembler.cpp:
(JSC::JITDisassembler::dump):
(JSC::JITDisassembler::dumpForInstructions):
(JSC::JITDisassembler::dumpDisassembly):
* jit/JITDisassembler.h:
(JITDisassembler):
2012-11-28 Filip Pizlo <fpizlo@apple.com>
It should be possible to say dataLog("count = ", count, "\n") instead of dataLogF("count = %d\n", count)
https://bugs.webkit.org/show_bug.cgi?id=103009
Reviewed by Michael Saboff.
Instead of converting all of JSC to use the new dataLog()/print() methods, I just changed
one place: dumping of abstract values. This is mainly just to ensure that the code I
added to WTF is actually doing things.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::dump):
(WTF):
(WTF::printInternal):
* dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::dump):
(WTF):
(WTF::printInternal):
2012-11-28 Oliver Hunt <oliver@apple.com>
Make source cache include more information about the function extent.
https://bugs.webkit.org/show_bug.cgi?id=103552
Reviewed by Gavin Barraclough.
Add a bit more information to the source cache.
* parser/Parser.cpp:
(JSC::::parseFunctionInfo):
Store the function start offset
* parser/SourceProviderCacheItem.h:
(JSC::SourceProviderCacheItem::SourceProviderCacheItem):
(SourceProviderCacheItem):
Add additional field for the start of the real function string, and re-arrange
fields to avoid growing the struct.
2012-11-27 Filip Pizlo <fpizlo@apple.com>
Convert some remaining uses of FILE* to PrintStream&.
Rubber stamped by Mark Hahnenberg.
* bytecode/ValueProfile.h:
(JSC::ValueProfileBase::dump):
* bytecode/ValueRecovery.h:
(JSC::ValueRecovery::dump):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseCodeBlock):
* dfg/DFGNode.h:
(JSC::DFG::Node::dumpChildren):
2012-11-27 Filip Pizlo <fpizlo@apple.com>
Fix indentation in JSValue.h
Rubber stamped by Mark Hahnenberg.
* runtime/JSValue.h:
2012-11-26 Filip Pizlo <fpizlo@apple.com>
DFG SetLocal should use forwardSpeculationCheck instead of its own half-baked version of same
https://bugs.webkit.org/show_bug.cgi?id=103353
Reviewed by Oliver Hunt and Gavin Barraclough.
Made it possible to use forward speculations for most of the operand classes. Changed the conditional
direction parameter from being 'bool isForward' to an enum (SpeculationDirection). Changed SetLocal
to use forward speculations and got rid of its half-baked version of same.
Also added the ability to force the DFG's disassembler to dump all nodes, even ones that are dead.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dump):
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::speculationCheck):
(DFG):
(JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
(JSC::DFG::SpeculativeJIT::speculationWatchpoint):
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
(JSC::DFG::SpeculativeJIT::fillStorage):
* dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
(JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
(JSC::DFG::SpeculateIntegerOperand::gpr):
(SpeculateIntegerOperand):
(JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
(JSC::DFG::SpeculateDoubleOperand::fpr):
(SpeculateDoubleOperand):
(JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
(JSC::DFG::SpeculateCellOperand::gpr):
(SpeculateCellOperand):
(JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
(JSC::DFG::SpeculateBooleanOperand::gpr):
(SpeculateBooleanOperand):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt):
(JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt):
(JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compile):
* runtime/Options.h:
(JSC):
2012-11-26 Daniel Bates <dbates@webkit.org>
Substitute "allSeparators8Bit" for "allSeperators8Bit" in JSC::jsSpliceSubstringsWithSeparators()
<https://bugs.webkit.org/show_bug.cgi?id=103303>
Reviewed by Simon Fraser.
Fix misspelled word, "Seperators" [sic], in a local variable name in JSC::jsSpliceSubstringsWithSeparators().
* runtime/StringPrototype.cpp:
(JSC::jsSpliceSubstringsWithSeparators):
2012-11-26 Daniel Bates <dbates@webkit.org>
JavaScript fails to handle String.replace() with large replacement string
https://bugs.webkit.org/show_bug.cgi?id=102956
<rdar://problem/12738012>
Reviewed by Oliver Hunt.
Fix an issue where we didn't check for overflow when computing the length
of the result of String.replace() with a large replacement string.
* runtime/StringPrototype.cpp:
(JSC::jsSpliceSubstringsWithSeparators):
2012-11-26 Zeno Albisser <zeno@webkit.org>
[Qt] Fix the LLInt build on Mac
https://bugs.webkit.org/show_bug.cgi?id=97587
Reviewed by Simon Hausmann.
* DerivedSources.pri:
* JavaScriptCore.pro:
2012-11-26 Oliver Hunt <oliver@apple.com>
32-bit build fix. Move the method decalration outside of the X86_64 only section.
* assembler/MacroAssembler.h:
(MacroAssembler):
(JSC::MacroAssembler::shouldConsiderBlinding):
2012-11-26 Oliver Hunt <oliver@apple.com>
Don't blind all the things.
https://bugs.webkit.org/show_bug.cgi?id=102572
Reviewed by Gavin Barraclough.
No longer blind all the constants in the instruction stream. We use a
simple non-deterministic filter to avoid blinding everything. Also modified
the basic integer blinding logic to avoid blinding small negative values.
* assembler/MacroAssembler.h:
(MacroAssembler):
(JSC::MacroAssembler::shouldConsiderBlinding):
(JSC::MacroAssembler::shouldBlind):
2012-11-26 Mark Hahnenberg <mhahnenberg@apple.com>
JSObject::copyButterfly doesn't handle undecided indexing types correctly
https://bugs.webkit.org/show_bug.cgi?id=102573
Reviewed by Filip Pizlo.
We don't do any copying into the newly allocated vector and we don't zero-initialize CopiedBlocks
during the copying phase, so we end up with uninitialized memory in arrays which have undecided indexing
types. We should just do the actual memcpy from the old block to the new one.
* runtime/JSObject.cpp:
(JSC::JSObject::copyButterfly): Just do the same thing that we do for other contiguous indexing types.
2012-11-26 Julien BRIANCEAU <jbrianceau@nds.com>
[sh4] JavaScriptCore JIT build is broken since r135330
Add missing implementation for sh4 arch.
https://bugs.webkit.org/show_bug.cgi?id=103145
Reviewed by Oliver Hunt.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::canJumpReplacePatchableBranchPtrWithPatch):
(MacroAssemblerSH4):
(JSC::MacroAssemblerSH4::startOfBranchPtrWithPatchOnRegister):
(JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch):
(JSC::MacroAssemblerSH4::startOfPatchableBranchPtrWithPatchOnAddress):
(JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranchPtrWithPatch):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::revertJump):
(SH4Assembler):
(JSC::SH4Assembler::printInstr):
2012-11-26 Yuqiang Xian <yuqiang.xian@intel.com>
Use load64 instead of loadPtr to load a JSValue on JSVALUE64 platforms
https://bugs.webkit.org/show_bug.cgi?id=100909
Reviewed by Brent Fulgham.
This is a (trivial) fix after r132701.
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
2012-11-26 Gabor Ballabas <gaborb@inf.u-szeged.hu>
[Qt][ARM] REGRESSION(r130826): It made 33 JSC test and 466 layout tests crash
https://bugs.webkit.org/show_bug.cgi?id=98857
Reviewed by Zoltan Herczeg.
Implement a new version of patchableBranch32 to fix crashing JSC
tests.
* assembler/MacroAssembler.h:
(MacroAssembler):
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::patchableBranch32):
(MacroAssemblerARM):
2012-11-21 Filip Pizlo <fpizlo@apple.com>
Any function that can log things should be able to easily log them to a memory buffer as well
https://bugs.webkit.org/show_bug.cgi?id=103000
Reviewed by Sam Weinig.
Change all users of WTF::dataFile() to expect a PrintStream& rather than a FILE*.
* bytecode/Operands.h:
(JSC::OperandValueTraits::dump):
(JSC::dumpOperands):
(JSC):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::dump):
* dfg/DFGAbstractState.h:
(AbstractState):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::dump):
* dfg/DFGCommon.h:
(JSC::DFG::NodeIndexTraits::dump):
* dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::dump):
* dfg/DFGVariableEvent.cpp:
(JSC::DFG::VariableEvent::dump):
(JSC::DFG::VariableEvent::dumpFillInfo):
(JSC::DFG::VariableEvent::dumpSpillInfo):
* dfg/DFGVariableEvent.h:
(VariableEvent):
* disassembler/Disassembler.h:
(JSC):
(JSC::tryToDisassemble):
* disassembler/UDis86Disassembler.cpp:
(JSC::tryToDisassemble):
2012-11-23 Alexis Menard <alexis@webkit.org>
[CSS3 Backgrounds and Borders] Implement new CSS3 background-position parsing.
https://bugs.webkit.org/show_bug.cgi?id=102104
Reviewed by Julien Chaffraix.
Protect the new feature behind a feature flag.
* Configurations/FeatureDefines.xcconfig:
2012-11-23 Gabor Ballabas <gaborb@inf.u-szeged.hu>
Fix the ARM traditional build after r135330
https://bugs.webkit.org/show_bug.cgi?id=102871
Reviewed by Zoltan Herczeg.
Added missing functionality to traditional ARM architecture.
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::revertJump):
(ARMAssembler):
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatchOnAddress):
(JSC::MacroAssemblerARM::startOfBranchPtrWithPatchOnRegister):
(MacroAssemblerARM):
(JSC::MacroAssemblerARM::revertJumpReplacementToBranchPtrWithPatch):
2012-11-16 Yury Semikhatsky <yurys@chromium.org>
Memory instrumentation: extract MemoryObjectInfo declaration into a separate file
https://bugs.webkit.org/show_bug.cgi?id=102510
Reviewed by Pavel Feldman.
Added new symbols for the methods that have moved into .../wtf/MemoryInstrumentation.cpp
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2012-11-23 Julien BRIANCEAU <jbrianceau@nds.com>
[sh4] JavaScriptCore JIT build is broken since r130839
Add missing implementation for sh4 arch.
https://bugs.webkit.org/show_bug.cgi?id=101479
Reviewed by Filip Pizlo.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::load8Signed):
(MacroAssemblerSH4):
(JSC::MacroAssemblerSH4::load16Signed):
(JSC::MacroAssemblerSH4::store8):
(JSC::MacroAssemblerSH4::store16):
(JSC::MacroAssemblerSH4::moveDoubleToInts):
(JSC::MacroAssemblerSH4::moveIntsToDouble):
(JSC::MacroAssemblerSH4::loadFloat):
(JSC::MacroAssemblerSH4::loadDouble):
(JSC::MacroAssemblerSH4::storeFloat):
(JSC::MacroAssemblerSH4::storeDouble):
(JSC::MacroAssemblerSH4::addDouble):
(JSC::MacroAssemblerSH4::convertFloatToDouble):
(JSC::MacroAssemblerSH4::convertDoubleToFloat):
(JSC::MacroAssemblerSH4::urshift32):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::sublRegReg):
(JSC::SH4Assembler::subvlRegReg):
(JSC::SH4Assembler::floatfpulfrn):
(JSC::SH4Assembler::fldsfpul):
(JSC::SH4Assembler::fstsfpul):
(JSC::SH4Assembler::dcnvsd):
(SH4Assembler):
(JSC::SH4Assembler::movbRegMem):
(JSC::SH4Assembler::sizeOfConstantPool):
(JSC::SH4Assembler::linkJump):
(JSC::SH4Assembler::printInstr):
(JSC::SH4Assembler::printBlockInstr):
2012-11-22 Balazs Kilvady <kilvadyb@homejinni.com>
Fix the MIPS build after r135330
https://bugs.webkit.org/show_bug.cgi?id=102872
Reviewed by Gavin Barraclough.
Revert/replace functions added to MIPS port.
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::revertJumpToMove):
(MIPSAssembler):
(JSC::MIPSAssembler::replaceWithJump):
* assembler/MacroAssemblerMIPS.h:
(MacroAssemblerMIPS):
(JSC::MacroAssemblerMIPS::startOfBranchPtrWithPatchOnRegister):
(JSC::MacroAssemblerMIPS::revertJumpReplacementToBranchPtrWithPatch):
(JSC::MacroAssemblerMIPS::startOfPatchableBranchPtrWithPatchOnAddress):
2012-11-21 Filip Pizlo <fpizlo@apple.com>
Rename dataLog() and dataLogV() to dataLogF() and dataLogFV()
https://bugs.webkit.org/show_bug.cgi?id=103001
Rubber stamped by Dan Bernstein.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::finalizeCodeWithDisassembly):
(JSC::LinkBuffer::dumpLinkStatistics):
(JSC::LinkBuffer::dumpCode):
* assembler/LinkBuffer.h:
(JSC):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::vprintfStdoutInstr):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecodeCommentAndNewLine):
(JSC::CodeBlock::printUnaryOp):
(JSC::CodeBlock::printBinaryOp):
(JSC::CodeBlock::printConditionalJump):
(JSC::CodeBlock::printGetByIdOp):
(JSC::dumpStructure):
(JSC::dumpChain):
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::printCallOp):
(JSC::CodeBlock::printPutByIdOp):
(JSC::CodeBlock::printStructure):
(JSC::CodeBlock::printStructures):
(JSC::CodeBlock::dump):
(JSC::CodeBlock::dumpStatistics):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::resetStubInternal):
(JSC::CodeBlock::reoptimize):
(JSC::ProgramCodeBlock::jettison):
(JSC::EvalCodeBlock::jettison):
(JSC::FunctionCodeBlock::jettison):
(JSC::CodeBlock::shouldOptimizeNow):
(JSC::CodeBlock::tallyFrequentExitSites):
(JSC::CodeBlock::dumpValueProfiles):
* bytecode/Opcode.cpp:
(JSC::OpcodeStats::~OpcodeStats):
* bytecode/SamplingTool.cpp:
(JSC::SamplingFlags::stop):
(JSC::SamplingRegion::dumpInternal):
(JSC::SamplingTool::dump):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::initialize):
(JSC::DFG::AbstractState::endBasicBlock):
(JSC::DFG::AbstractState::mergeStateAtTail):
(JSC::DFG::AbstractState::mergeToSuccessors):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::dump):
* dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
(JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
(JSC::DFG::ByteCodeParser::makeSafe):
(JSC::DFG::ByteCodeParser::makeDivSafe):
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::processPhiStack):
(JSC::DFG::ByteCodeParser::linkBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::performBlockCFA):
(JSC::DFG::CFAPhase::performForwardCFA):
* dfg/DFGCFGSimplificationPhase.cpp:
(JSC::DFG::CFGSimplificationPhase::run):
(JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
(JSC::DFG::CFGSimplificationPhase::fixPhis):
(JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
(JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
(JSC::DFG::CFGSimplificationPhase::mergeBlocks):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::endIndexForPureCSE):
(JSC::DFG::CSEPhase::setReplacement):
(JSC::DFG::CSEPhase::eliminate):
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::debugFail):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dump):
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixDoubleEdge):
* dfg/DFGGraph.cpp:
(JSC::DFG::printWhiteSpace):
(JSC::DFG::Graph::dumpCodeOrigin):
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::dumpBlockHeader):
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSRExitCompiler.cpp:
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOperations.cpp:
* dfg/DFGPhase.cpp:
(JSC::DFG::Phase::beginPhase):
* dfg/DFGPhase.h:
(JSC::DFG::runAndLog):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
(JSC::DFG::PredictionPropagationPhase::propagateForward):
(JSC::DFG::PredictionPropagationPhase::propagateBackward):
(JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
* dfg/DFGRegisterBank.h:
(JSC::DFG::RegisterBank::dump):
* dfg/DFGScoreBoard.h:
(JSC::DFG::ScoreBoard::use):
(JSC::DFG::ScoreBoard::dump):
* dfg/DFGSlowPathGenerator.h:
(JSC::DFG::SlowPathGenerator::generate):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection):
(JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
(JSC::DFG::SpeculativeJIT::dump):
(JSC::DFG::SpeculativeJIT::checkConsistency):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
* dfg/DFGStructureCheckHoistingPhase.cpp:
(JSC::DFG::StructureCheckHoistingPhase::run):
* dfg/DFGValidate.cpp:
(Validate):
(JSC::DFG::Validate::reportValidationContext):
(JSC::DFG::Validate::dumpData):
(JSC::DFG::Validate::dumpGraphIfAppropriate):
* dfg/DFGVariableEventStream.cpp:
(JSC::DFG::VariableEventStream::logEvent):
(JSC::DFG::VariableEventStream::reconstruct):
* dfg/DFGVirtualRegisterAllocationPhase.cpp:
(JSC::DFG::VirtualRegisterAllocationPhase::run):
* heap/Heap.cpp:
* heap/HeapStatistics.cpp:
(JSC::HeapStatistics::logStatistics):
(JSC::HeapStatistics::showObjectStatistics):
* heap/MarkStack.h:
* heap/MarkedBlock.h:
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::validate):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::dumpCaller):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::dumpRegisters):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
* jit/JITDisassembler.cpp:
(JSC::JITDisassembler::dump):
(JSC::JITDisassembler::dumpForInstructions):
* jit/JITStubRoutine.h:
(JSC):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JumpReplacementWatchpoint.cpp:
(JSC::JumpReplacementWatchpoint::fireInternal):
* llint/LLIntExceptions.cpp:
(JSC::LLInt::interpreterThrowInCaller):
(JSC::LLInt::returnToThrow):
(JSC::LLInt::callToThrow):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::llint_trace_operand):
(JSC::LLInt::llint_trace_value):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::traceFunctionPrologue):
(JSC::LLInt::jitCompileAndSetHeuristics):
(JSC::LLInt::entryOSR):
(JSC::LLInt::handleHostCall):
(JSC::LLInt::setUpCall):
* profiler/Profile.cpp:
(JSC::Profile::debugPrintData):
(JSC::Profile::debugPrintDataSampleStyle):
* profiler/ProfileNode.cpp:
(JSC::ProfileNode::debugPrintData):
(JSC::ProfileNode::debugPrintDataSampleStyle):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::dumpRegExpTrace):
* runtime/RegExp.cpp:
(JSC::RegExp::matchCompareWithInterpreter):
* runtime/SamplingCounter.cpp:
(JSC::AbstractSamplingCounter::dump):
* runtime/Structure.cpp:
(JSC::Structure::dumpStatistics):
(JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
* tools/CodeProfile.cpp:
(JSC::CodeProfile::report):
* tools/ProfileTreeNode.h:
(JSC::ProfileTreeNode::dumpInternal):
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::ByteCompiler::dumpDisjunction):
2012-11-21 Filip Pizlo <fpizlo@apple.com>
It should be possible to say disassemble(stuff) instead of having to say if (!tryToDisassemble(stuff)) dataLog("I failed")
https://bugs.webkit.org/show_bug.cgi?id=103010
Reviewed by Anders Carlsson.
You can still say tryToDisassemble(), which will tell you if it failed; you can then
decide what to do instead. But it's better to say disassemble(), which will just print
the instruction ranges if tryToDisassemble() failed. This is particularly appropriate
since that's what all previous users of tryToDisassemble() would have done in some
form or another.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::finalizeCodeWithDisassembly):
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dumpDisassembly):
* disassembler/Disassembler.cpp: Added.
(JSC):
(JSC::disassemble):
* disassembler/Disassembler.h:
(JSC):
* jit/JITDisassembler.cpp:
(JSC::JITDisassembler::dumpDisassembly):
2012-11-21 Filip Pizlo <fpizlo@apple.com>
dumpOperands() claims that it needs a non-const Operands& when that is completely false
https://bugs.webkit.org/show_bug.cgi?id=103005
Reviewed by Eric Carlson.
* bytecode/Operands.h:
(JSC::dumpOperands):
(JSC):
2012-11-20 Filip Pizlo <fpizlo@apple.com>
Baseline JIT's disassembly should be just as pretty as the DFG's
https://bugs.webkit.org/show_bug.cgi?id=102873
Reviewed by Sam Weinig.
Integrated the CodeBlock's bytecode dumper with the JIT's disassembler. Also fixed
some type goof-ups (instructions are not in a Vector<Instruction> so using a Vector
iterator makes no sense) and stream-lined some things (you don't actually need a
full-fledged ExecState* to dump bytecode).
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printUnaryOp):
(JSC::CodeBlock::printBinaryOp):
(JSC::CodeBlock::printConditionalJump):
(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::printCallOp):
(JSC::CodeBlock::printPutByIdOp):
(JSC::CodeBlock::dump):
(JSC):
(JSC::CodeBlock::CodeBlock):
* bytecode/CodeBlock.h:
(CodeBlock):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::dumpCallFrame):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
* jit/JIT.h:
(JIT):
* jit/JITDisassembler.cpp: Added.
(JSC):
(JSC::JITDisassembler::JITDisassembler):
(JSC::JITDisassembler::~JITDisassembler):
(JSC::JITDisassembler::dump):
(JSC::JITDisassembler::dumpForInstructions):
(JSC::JITDisassembler::dumpDisassembly):
* jit/JITDisassembler.h: Added.
(JSC):
(JITDisassembler):
(JSC::JITDisassembler::setStartOfCode):
(JSC::JITDisassembler::setForBytecodeMainPath):
(JSC::JITDisassembler::setForBytecodeSlowPath):
(JSC::JITDisassembler::setEndOfSlowPath):
(JSC::JITDisassembler::setEndOfCode):
2012-11-21 Daniel Bates <dbates@webkit.org>
JavaScript fails to concatenate large strings
<https://bugs.webkit.org/show_bug.cgi?id=102963>
Reviewed by Michael Saboff.
Fixes an issue where we inadvertently didn't check the length of
a JavaScript string for overflow.
* runtime/Operations.h:
(JSC::jsString):
(JSC::jsStringFromArguments):
2012-11-20 Filip Pizlo <fpizlo@apple.com>
DFG should be able to cache closure calls (part 2/2)
https://bugs.webkit.org/show_bug.cgi?id=102662
Reviewed by Gavin Barraclough.
Added caching of calls where the JSFunction* varies, but the Structure* and ExecutableBase*
stay the same. This is accomplished by replacing the branch that compares against a constant
JSFunction* with a jump to a closure call stub. The closure call stub contains a fast path,
and jumps slow directly to the virtual call thunk.
Looks like a 1% win on V8v7.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::unlink):
* bytecode/CallLinkInfo.h:
(CallLinkInfo):
(JSC::CallLinkInfo::isLinked):
(JSC::getCallLinkInfoBytecodeIndex):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finalizeUnconditionally):
(JSC):
(JSC::CodeBlock::findClosureCallForReturnPC):
(JSC::CodeBlock::bytecodeOffset):
(JSC::CodeBlock::codeOriginForReturn):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::getCallLinkInfo):
(CodeBlock):
(JSC::CodeBlock::isIncomingCallAlreadyLinked):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addJSCall):
(JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
(JSCallRecord):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::linkSlowFor):
(DFG):
(JSC::DFG::dfgLinkFor):
(JSC::DFG::dfgLinkSlowFor):
(JSC::DFG::dfgLinkClosureCall):
* dfg/DFGRepatch.h:
(DFG):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGThunks.cpp:
(DFG):
(JSC::DFG::linkClosureCallThunkGenerator):
* dfg/DFGThunks.h:
(DFG):
* heap/Heap.h:
(Heap):
(JSC::Heap::jitStubRoutines):
* heap/JITStubRoutineSet.h:
(JSC::JITStubRoutineSet::size):
(JSC::JITStubRoutineSet::at):
(JITStubRoutineSet):
* jit/ClosureCallStubRoutine.cpp: Added.
(JSC):
(JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
(JSC::ClosureCallStubRoutine::~ClosureCallStubRoutine):
(JSC::ClosureCallStubRoutine::markRequiredObjectsInternal):
* jit/ClosureCallStubRoutine.h: Added.
(JSC):
(ClosureCallStubRoutine):
(JSC::ClosureCallStubRoutine::structure):
(JSC::ClosureCallStubRoutine::executable):
(JSC::ClosureCallStubRoutine::codeOrigin):
* jit/GCAwareJITStubRoutine.cpp:
(JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
* jit/GCAwareJITStubRoutine.h:
(GCAwareJITStubRoutine):
(JSC::GCAwareJITStubRoutine::isClosureCall):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
2012-11-20 Filip Pizlo <fpizlo@apple.com>
DFG should be able to cache closure calls (part 1/2)
https://bugs.webkit.org/show_bug.cgi?id=102662
Reviewed by Gavin Barraclough.
Add ability to revert a jump replacement back to
branchPtrWithPatch(Condition, RegisterID, TrustedImmPtr). This is meant to be
a mandatory piece of functionality for all assemblers. I also renamed some of
the functions for reverting jump replacements back to
patchableBranchPtrWithPatch(Condition, Address, TrustedImmPtr), so as to avoid
confusion.
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::BadReg):
(ARMv7Assembler):
(JSC::ARMv7Assembler::revertJumpTo_movT3):
* assembler/LinkBuffer.h:
(JSC):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::startOfBranchPtrWithPatchOnRegister):
(MacroAssemblerARMv7):
(JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
(JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatchOnAddress):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::startOfBranchPtrWithPatchOnRegister):
(MacroAssemblerX86):
(JSC::MacroAssemblerX86::startOfPatchableBranchPtrWithPatchOnAddress):
(JSC::MacroAssemblerX86::revertJumpReplacementToBranchPtrWithPatch):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::startOfBranchPtrWithPatchOnRegister):
(JSC::MacroAssemblerX86_64::startOfPatchableBranchPtrWithPatchOnAddress):
(MacroAssemblerX86_64):
(JSC::MacroAssemblerX86_64::revertJumpReplacementToBranchPtrWithPatch):
* assembler/RepatchBuffer.h:
(JSC::RepatchBuffer::startOfBranchPtrWithPatchOnRegister):
(RepatchBuffer):
(JSC::RepatchBuffer::startOfPatchableBranchPtrWithPatchOnAddress):
(JSC::RepatchBuffer::revertJumpReplacementToBranchPtrWithPatch):
* assembler/X86Assembler.h:
(JSC::X86Assembler::revertJumpTo_cmpl_ir_force32):
(X86Assembler):
* dfg/DFGRepatch.cpp:
(JSC::DFG::replaceWithJump):
(JSC::DFG::dfgResetGetByID):
(JSC::DFG::dfgResetPutByID):
2012-11-20 Yong Li <yoli@rim.com>
[ARMv7] Neither linkCall() nor linkPointer() should flush code.
https://bugs.webkit.org/show_bug.cgi?id=99213
Reviewed by George Staikos.
LinkBuffer doesn't need to flush code during linking. It will
eventually flush the whole executable. Fixing this gives >%5
sunspider boost (on QNX).
Also make replaceWithLoad() and replaceWithAddressComputation() flush
only when necessary.
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::linkCall):
(JSC::ARMv7Assembler::linkPointer):
(JSC::ARMv7Assembler::relinkCall):
(JSC::ARMv7Assembler::repatchInt32):
(JSC::ARMv7Assembler::repatchPointer):
(JSC::ARMv7Assembler::replaceWithLoad): Flush only after it did write.
(JSC::ARMv7Assembler::replaceWithAddressComputation): Flush only after it did write.
(JSC::ARMv7Assembler::setInt32):
(JSC::ARMv7Assembler::setPointer):
2012-11-19 Filip Pizlo <fpizlo@apple.com>
Remove support for ARMv7 errata from the jump code
https://bugs.webkit.org/show_bug.cgi?id=102759
Reviewed by Oliver Hunt.
The jump replacement code was wrong to begin with since it wasn't doing
a cache flush on the inserted padding. And, to my knowledge, we don't need
this anymore, so this patch removes all errata code from the ARMv7 port.
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::computeJumpType):
(JSC::ARMv7Assembler::replaceWithJump):
(JSC::ARMv7Assembler::maxJumpReplacementSize):
(JSC::ARMv7Assembler::canBeJumpT3):
(JSC::ARMv7Assembler::canBeJumpT4):
2012-11-19 Patrick Gansterer <paroga@webkit.org>
[CMake] Create JavaScriptCore ForwardingHeaders
https://bugs.webkit.org/show_bug.cgi?id=92665
Reviewed by Brent Fulgham.
When using CMake to build the Windows port, we need
to generate the forwarding headers with it too.
* CMakeLists.txt:
2012-11-19 Kihong Kwon <kihong.kwon@samsung.com>
Add PROXIMITY_EVENTS feature
https://bugs.webkit.org/show_bug.cgi?id=102658
Reviewed by Kentaro Hara.
Add PROXIMITY_EVENTS feature to xcode project for JavaScriptCore.
* Configurations/FeatureDefines.xcconfig:
2012-11-18 Dan Bernstein <mitz@apple.com>
Try to fix the DFG build after r135099.
* dfg/DFGCommon.h:
(JSC::DFG::shouldShowDisassembly):
2012-11-18 Filip Pizlo <fpizlo@apple.com>
Unreviewed, build fix for !ENABLE(DFG_JIT).
* dfg/DFGCommon.h:
(JSC::DFG::shouldShowDisassembly):
(DFG):
2012-11-18 Filip Pizlo <fpizlo@apple.com>
JSC should have more logging in structure-related code
https://bugs.webkit.org/show_bug.cgi?id=102630
Reviewed by Simon Fraser.
- JSValue::description() now tells you if something is a structure, and if so,
what kind of structure it is.
- Jettisoning logic now tells you why things are being jettisoned.
- It's now possible to turn off GC-triggered jettisoning entirely.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::reoptimize):
(JSC::ProgramCodeBlock::jettison):
(JSC::EvalCodeBlock::jettison):
(JSC::FunctionCodeBlock::jettison):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
* runtime/JSValue.cpp:
(JSC::JSValue::description):
* runtime/Options.h:
(JSC):
2012-11-18 Filip Pizlo <fpizlo@apple.com>
DFG constant folding phase should say 'changed = true' whenever it changes the graph
https://bugs.webkit.org/show_bug.cgi?id=102550
Rubber stamped by Mark Hahnenberg.
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
2012-11-17 Elliott Sprehn <esprehn@chromium.org>
Expose JSObject removeDirect and PrivateName to WebCore
https://bugs.webkit.org/show_bug.cgi?id=102546
Reviewed by Geoffrey Garen.
Export removeDirect for use in WebCore so JSDependentRetained works.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2012-11-16 Filip Pizlo <fpizlo@apple.com>
Given a PutById or GetById with a proven structure, the DFG should be able to emit a PutByOffset or GetByOffset instead
https://bugs.webkit.org/show_bug.cgi?id=102327
Reviewed by Mark Hahnenberg.
If the profiler tells us that a GetById or PutById may be polymorphic but our
control flow analysis proves that it isn't, we should trust the control flow
analysis over the profiler. This arises in cases where GetById or PutById were
inlined: the inlined function may have been called from other places that led
to polymorphism, but in the current inlined context, there is no polymorphism.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFor):
(JSC):
* bytecode/GetByIdStatus.h:
(JSC::GetByIdStatus::GetByIdStatus):
(GetByIdStatus):
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFor):
(JSC):
* bytecode/PutByIdStatus.h:
(JSC):
(JSC::PutByIdStatus::PutByIdStatus):
(PutByIdStatus):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::bestProvenStructure):
(AbstractValue):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
(ConstantFoldingPhase):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToGetByOffset):
(Node):
(JSC::DFG::Node::convertToPutByOffset):
(JSC::DFG::Node::hasStorageResult):
* runtime/JSGlobalObject.h:
(JSC::Structure::prototypeChain):
(JSC):
(JSC::Structure::isValid):
* runtime/Operations.h:
(JSC::isPrototypeChainNormalized):
(JSC):
* runtime/Structure.h:
(Structure):
(JSC::Structure::transitionDidInvolveSpecificValue):
2012-11-16 Tony Chang <tony@chromium.org>
Remove ENABLE_CSS_HIERARCHIES since it's no longer in use
https://bugs.webkit.org/show_bug.cgi?id=102554
Reviewed by Andreas Kling.
As mentioned in https://bugs.webkit.org/show_bug.cgi?id=79939#c41 ,
we're going to revist this feature once additional vendor support is
achieved.
* Configurations/FeatureDefines.xcconfig:
2012-11-16 Patrick Gansterer <paroga@webkit.org>
Build fix for WinCE after r133688.
Use numeric_limits<uint32_t>::max() instead of UINT32_MAX.
* runtime/CodeCache.h:
(JSC::CacheMap::CacheMap):
2012-11-15 Filip Pizlo <fpizlo@apple.com>
ClassInfo.h should have correct indentation.
Rubber stamped by Mark Hahnenberg.
ClassInfo.h had some true creativity in its use of whitespace. Some things within
the namespace were indented four spaces and others where not. One #define had its
contents indented four spaces, while another didn't. I applied the following rule:
- Non-macro things in the namespace should not be indented (that's our current
accepted practice).
- Macros should never be indented but if they are multi-line then their subsequent
bodies should be indented four spaces. I believe that is consistent with what we
do elsewhere.
* runtime/ClassInfo.h:
(JSC):
(MethodTable):
(ClassInfo):
(JSC::ClassInfo::propHashTable):
(JSC::ClassInfo::isSubClassOf):
(JSC::ClassInfo::hasStaticProperties):
2012-11-15 Filip Pizlo <fpizlo@apple.com>
DFG should copy propagate trivially no-op ConvertThis
https://bugs.webkit.org/show_bug.cgi?id=102445
Reviewed by Oliver Hunt.
Copy propagation is always a good thing, since it reveals must-alias relationships
to the CFA and CSE. This accomplishes copy propagation for ConvertThis by first
converting it to an Identity node (which is done by the constant folder since it
has access to CFA results) and then performing substitution of references to
Identity with references to Identity's child in the CSE.
I'm not aiming for a big speed-up here; I just think that this will be useful for
the work on https://bugs.webkit.org/show_bug.cgi?id=102327.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2012-11-15 Filip Pizlo <fpizlo@apple.com>
CallData.h should have correct indentation.
Rubber stamped by Mark Hahneberg.
* runtime/CallData.h:
(JSC):
2012-11-15 Filip Pizlo <fpizlo@apple.com>
Remove methodCallDummy since it is not used anymore.
Rubber stamped by Mark Hahnenberg.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSGlobalObject):
2012-11-14 Filip Pizlo <fpizlo@apple.com>
Structure should be able to easily tell if the prototype chain might intercept a store
https://bugs.webkit.org/show_bug.cgi?id=102326
Reviewed by Geoffrey Garen.
This improves our ability to reason about the correctness of the more optimized
prototype chain walk in JSObject::put(), while also making it straight forward to
check if the prototype chain will do strange things to a property store by just
looking at the structure.
* runtime/JSObject.cpp:
(JSC::JSObject::put):
* runtime/Structure.cpp:
(JSC::Structure::prototypeChainMayInterceptStoreTo):
(JSC):
* runtime/Structure.h:
(Structure):
2012-11-15 Thiago Marcos P. Santos <thiago.santos@intel.com>
[CMake] Do not regenerate LLIntAssembly.h on every incremental build
https://bugs.webkit.org/show_bug.cgi?id=102248
Reviewed by Kenneth Rohde Christiansen.
Update LLIntAssembly.h's mtime after running asm.rb to make the build
system dependency tracking consistent.
* CMakeLists.txt:
2012-11-15 Thiago Marcos P. Santos <thiago.santos@intel.com>
Fix compiler warnings about signed/unsigned comparison on i386
https://bugs.webkit.org/show_bug.cgi?id=102249
Reviewed by Kenneth Rohde Christiansen.
Add casting to unsigned to shut up gcc warnings. Build was broken on
JSVALUE32_64 ports compiling with -Werror.
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
2012-11-14 Brent Fulgham <bfulgham@webkit.org>
[Windows, WinCairo] Unreviewed build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
Missed one of the exports that was part of the WebKit2.def.
2012-11-14 Brent Fulgham <bfulgham@webkit.org>
[Windows, WinCairo] Correct build failure.
https://bugs.webkit.org/show_bug.cgi?id=102302
WebCore symbols were mistakenly added to the JavaScriptCore
library definition file.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove
WebCore symbols that were incorrectly added to the export file.
2012-11-14 Mark Lam <mark.lam@apple.com>
Change JSEventListener::m_jsFunction to be a weak ref.
https://bugs.webkit.org/show_bug.cgi?id=101989.
Reviewed by Geoffrey Garen.
Added infrastructure for scanning weak ref slots.
* heap/SlotVisitor.cpp: Added #include "SlotVisitorInlines.h".
* heap/SlotVisitor.h:
(SlotVisitor): Added SlotVisitor::appendUnbarrieredWeak().
* heap/SlotVisitorInlines.h: Added #include "Weak.h".
(JSC::SlotVisitor::appendUnbarrieredWeak): Added.
* heap/Weak.h:
(JSC::operator==): Added operator==() for Weak.
* runtime/JSCell.h: Removed #include "SlotVisitorInlines.h".
* runtime/JSObject.h: Added #include "SlotVisitorInlines.h".
2012-11-14 Filip Pizlo <fpizlo@apple.com>
Read-only properties created with putDirect() should tell the structure that there are read-only properties
https://bugs.webkit.org/show_bug.cgi?id=102292
Reviewed by Gavin Barraclough.
This mostly affects things like function.length.
* runtime/JSObject.h:
(JSC::JSObject::putDirectInternal):
2012-11-13 Filip Pizlo <fpizlo@apple.com>
Don't access Node& after adding nodes to the graph.
https://bugs.webkit.org/show_bug.cgi?id=102005
Reviewed by Oliver Hunt.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
2012-11-14 Valery Ignatyev <valery.ignatyev@ispras.ru>
Replace (typeof(x) != <"object", "undefined", ...>) with
!(typeof(x) == <"object",..>). Later is_object, is_<...> bytecode operation
will be used.
https://bugs.webkit.org/show_bug.cgi?id=98893
Reviewed by Filip Pizlo.
This eliminates expensive typeof implementation and
allows to use DFG optimizations, which doesn't support 'typeof'.
* bytecompiler/NodesCodegen.cpp:
(JSC::BinaryOpNode::emitBytecode):
2012-11-14 Peter Gal <galpeter@inf.u-szeged.hu>
[Qt][ARM]REGRESSION(r133985): It broke the build
https://bugs.webkit.org/show_bug.cgi?id=101740
Reviewed by Csaba Osztrogonác.
Changed the emitGenericContiguousPutByVal to accept the additional IndexingType argument.
This information was passed as a template parameter.
* jit/JIT.h:
(JSC::JIT::emitInt32PutByVal):
(JSC::JIT::emitDoublePutByVal):
(JSC::JIT::emitContiguousPutByVal):
(JIT):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitGenericContiguousPutByVal):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitGenericContiguousPutByVal):
2012-11-14 Peter Gal <galpeter@inf.u-szeged.hu>
Fix the MIPS build after r134332
https://bugs.webkit.org/show_bug.cgi?id=102227
Reviewed by Csaba Osztrogonác.
Added missing methods for the MacroAssemblerMIPS, based on the MacroAssemblerARMv7.
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::canJumpReplacePatchableBranchPtrWithPatch):
(MacroAssemblerMIPS):
(JSC::MacroAssemblerMIPS::startOfPatchableBranchPtrWithPatch):
(JSC::MacroAssemblerMIPS::revertJumpReplacementToPatchableBranchPtrWithPatch):
2012-11-14 Peter Gal <galpeter@inf.u-szeged.hu>
Fix the [-Wreturn-type] warning in JavaScriptCore/assembler/MacroAssemblerARM.h
https://bugs.webkit.org/show_bug.cgi?id=102206
Reviewed by Csaba Osztrogonác.
Add a return value for the function to suppress the warning.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatch):
2012-11-14 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r134599.
http://trac.webkit.org/changeset/134599
https://bugs.webkit.org/show_bug.cgi?id=102225
It broke the 32 bit EFL build (Requested by Ossy on #webkit).
* jit/JITPropertyAccess.cpp:
* jit/JITPropertyAccess32_64.cpp:
(JSC):
(JSC::JIT::emitGenericContiguousPutByVal):
2012-11-14 Balazs Kilvady <kilvadyb@homejinni.com>
[Qt][ARM]REGRESSION(r133985): It broke the build
https://bugs.webkit.org/show_bug.cgi?id=101740
Reviewed by Csaba Osztrogonác.
Template function body moved to fix VALUE_PROFILER disabled case.
* jit/JITPropertyAccess.cpp:
(JSC):
(JSC::JIT::emitGenericContiguousPutByVal):
* jit/JITPropertyAccess32_64.cpp:
2012-11-13 Filip Pizlo <fpizlo@apple.com>
DFG CreateThis should be able to statically account for the structure of the object it creates, if profiling indicates that this structure is always the same
https://bugs.webkit.org/show_bug.cgi?id=102017
Reviewed by Geoffrey Garen.
This adds a watchpoint in JSFunction on the cached inheritor ID. It also changes
NewObject to take a structure as an operand (previously it implicitly used the owning
global object's empty object structure). Any GetCallee where the callee is predictable
is turned into a CheckFunction + WeakJSConstant, and any CreateThis on a WeakJSConstant
where the inheritor ID watchpoint is still valid is turned into an InheritorIDWatchpoint
followed by a NewObject. NewObject already accounts for the structure it uses for object
creation in the CFA.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::checkFunctionElimination):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasFunction):
(JSC::DFG::Node::function):
(JSC::DFG::Node::hasStructure):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/Executable.h:
(JSC::JSFunction::JSFunction):
* runtime/JSBoundFunction.cpp:
(JSC):
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):
* runtime/JSFunction.h:
(JSC::JSFunction::tryGetKnownInheritorID):
(JSFunction):
(JSC::JSFunction::addInheritorIDWatchpoint):
2012-11-13 Filip Pizlo <fpizlo@apple.com>
JSFunction and its descendants should be destructible
https://bugs.webkit.org/show_bug.cgi?id=102062
Reviewed by Mark Hahnenberg.
This will make it easy to place an InlineWatchpointSet inside JSFunction. In the
future, we could make JSFunction non-destructible again by making a version of
WatchpointSet that is entirely GC'd, but this seems like overkill for now.
This is performance-neutral.
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::destroy):
(JSC):
* runtime/JSBoundFunction.h:
(JSBoundFunction):
* runtime/JSFunction.cpp:
(JSC):
(JSC::JSFunction::destroy):
* runtime/JSFunction.h:
(JSFunction):
2012-11-13 Cosmin Truta <ctruta@rim.com>
Uninitialized fields in class JSLock
https://bugs.webkit.org/show_bug.cgi?id=101695
Reviewed by Mark Hahnenberg.
Initialize JSLock::m_ownerThread and JSLock::m_lockDropDepth.
* runtime/JSLock.cpp:
(JSC::JSLock::JSLock):
2012-11-13 Peter Gal <galpeter@inf.u-szeged.hu>
Fix the ARM traditional build after r134332
https://bugs.webkit.org/show_bug.cgi?id=102044
Reviewed by Zoltan Herczeg.
Added missing methods for the MacroAssemblerARM, based on the MacroAssemblerARMv7.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::canJumpReplacePatchableBranchPtrWithPatch):
(MacroAssemblerARM):
(JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatch):
(JSC::MacroAssemblerARM::revertJumpReplacementToPatchableBranchPtrWithPatch):
2012-11-12 Filip Pizlo <fpizlo@apple.com>
op_get_callee should have value profiling
https://bugs.webkit.org/show_bug.cgi?id=102047
Reviewed by Sam Weinig.
This will allow us to detect if the callee is always the same, which is probably
the common case for a lot of constructors.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
* bytecode/Opcode.h:
(JSC):
(JSC::padOpcodeName):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_get_callee):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_get_callee):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
2012-11-12 Filip Pizlo <fpizlo@apple.com>
The act of getting the callee during 'this' construction should be explicit in bytecode
https://bugs.webkit.org/show_bug.cgi?id=102016
Reviewed by Michael Saboff.
This is mostly a rollout of http://trac.webkit.org/changeset/116673, but also includes
changes to have create_this use the result of get_callee.
No performance or behavioral impact. This is just meant to allow us to profile
get_callee in the future.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
* bytecode/Opcode.h:
(JSC):
(JSC::padOpcodeName):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
(JIT):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_get_callee):
(JSC):
(JSC::JIT::emit_op_create_this):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_get_callee):
(JSC):
(JSC::JIT::emit_op_create_this):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
2012-11-12 Filip Pizlo <fpizlo@apple.com>
Unreviewed, fix ARMv7 build.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatch):
(JSC::MacroAssemblerARMv7::revertJumpReplacementToPatchableBranchPtrWithPatch):
2012-11-12 Filip Pizlo <fpizlo@apple.com>
Patching of jumps to stubs should use jump replacement rather than branch destination overwrite
https://bugs.webkit.org/show_bug.cgi?id=101909
Reviewed by Geoffrey Garen.
This saves a few instructions in inline cases, on those architectures where it is
easy to figure out where to put the jump replacement. Sub-1% speed-up across the
board.
* assembler/MacroAssemblerARMv7.h:
(MacroAssemblerARMv7):
(JSC::MacroAssemblerARMv7::canJumpReplacePatchableBranchPtrWithPatch):
(JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatch):
(JSC::MacroAssemblerARMv7::revertJumpReplacementToPatchableBranchPtrWithPatch):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::canJumpReplacePatchableBranchPtrWithPatch):
(MacroAssemblerX86):
(JSC::MacroAssemblerX86::startOfPatchableBranchPtrWithPatch):
(JSC::MacroAssemblerX86::revertJumpReplacementToPatchableBranchPtrWithPatch):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranchPtrWithPatch):
(MacroAssemblerX86_64):
(JSC::MacroAssemblerX86_64::startOfPatchableBranchPtrWithPatch):
(JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranchPtrWithPatch):
* assembler/RepatchBuffer.h:
(JSC::RepatchBuffer::startOfPatchableBranchPtrWithPatch):
(RepatchBuffer):
(JSC::RepatchBuffer::replaceWithJump):
(JSC::RepatchBuffer::revertJumpReplacementToPatchableBranchPtrWithPatch):
* assembler/X86Assembler.h:
(X86Assembler):
(JSC::X86Assembler::revertJumpTo_movq_i64r):
(JSC::X86Assembler::revertJumpTo_cmpl_im_force32):
(X86InstructionFormatter):
* bytecode/StructureStubInfo.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::replaceWithJump):
(DFG):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::tryBuildGetByIDProtoList):
(JSC::DFG::tryCachePutByID):
(JSC::DFG::dfgResetGetByID):
(JSC::DFG::dfgResetPutByID):
2012-11-11 Filip Pizlo <fpizlo@apple.com>
DFG ArithMul overflow check elimination is too aggressive
https://bugs.webkit.org/show_bug.cgi?id=101871
Reviewed by Oliver Hunt.
The code was ignoring the fact that ((a * b) | 0) == (((a | 0) * (b | 0)) | 0)
only holds if a * b < 2^53. So, I changed it to only enable the optimization
when a < 2^22 and b is an int32 (and vice versa), using a super trivial peephole
analysis to prove the inequality. I considered writing an epic forward flow
formulation that tracks the ranges of integer values but then I thought better
of it.
This also rewires the ArithMul integer speculation logic. Previously, we would
assume that an ArithMul was only UsedAsNumber if it escaped, and separately we
would decide whether to speculate integer based on a proof of the <2^22
inequality. Now, we treat the double rounding behavior of ArithMul as if the
result was UsedAsNumber even if it did not escape. Then we try to prove that
double rounding cannot happen by attemping to prove that a < 2^22. This then
feeds back into the decision of whether or not to speculate integer (if we fail
to prove a < 2^22 then we're UsedAsNumber, and if we're also MayOverflow then
that forces double speculation).
No performance impact. It just fixes a bug.
* dfg/DFGGraph.h:
(JSC::DFG::Graph::mulShouldSpeculateInteger):
* dfg/DFGPredictionPropagationPhase.cpp:
(PredictionPropagationPhase):
(JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
(JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
(JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
(JSC::DFG::PredictionPropagationPhase::propagate):
2012-11-11 Filip Pizlo <fpizlo@apple.com>
DFG should not emit function checks if we've already proved that the operand is that exact function
https://bugs.webkit.org/show_bug.cgi?id=101885
Reviewed by Oliver Hunt.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::filterByValue):
(AbstractValue):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
2012-11-12 Kentaro Hara <haraken@chromium.org>
[V8][JSC] ScriptProfileNode::callUID needs not to be [Custom]
https://bugs.webkit.org/show_bug.cgi?id=101892
Reviewed by Adam Barth.
Added callUID(), which enables us to kill custom bindings for ScriptProfileNode::callUID.
* profiler/ProfileNode.h:
(JSC::ProfileNode::callUID):
2012-11-12 Carlos Garcia Campos <cgarcia@igalia.com>
Unreviewed. Fix make distcheck.
* GNUmakefile.list.am: Add missing header.
2012-11-11 Michael Pruett <michael@68k.org>
Fix assertion failure in JSObject::tryGetIndexQuickly()
https://bugs.webkit.org/show_bug.cgi?id=101869
Reviewed by Filip Pizlo.
Currently JSObject::tryGetIndexQuickly() triggers an assertion
failure when the object has an undecided indexing type. This
case should be treated the same as a blank indexing type.
* runtime/JSObject.h:
(JSC::JSObject::tryGetIndexQuickly):
2012-11-11 Filip Pizlo <fpizlo@apple.com>
DFG register allocation should be greedy rather than round-robin
https://bugs.webkit.org/show_bug.cgi?id=101870
Reviewed by Geoffrey Garen.
This simplifies the code, reduces some code duplication, and shows some slight
performance improvements in a few places, likely due to the fact that lower-numered
registers also typically have smaller encodings.
* dfg/DFGRegisterBank.h:
(JSC::DFG::RegisterBank::RegisterBank):
(JSC::DFG::RegisterBank::tryAllocate):
(JSC::DFG::RegisterBank::allocate):
(JSC::DFG::RegisterBank::allocateInternal):
(RegisterBank):
2012-11-11 Kenichi Ishibashi <bashi@chromium.org>
WTFString::utf8() should have a mode of conversion to use replacement character
https://bugs.webkit.org/show_bug.cgi?id=101678
Reviewed by Alexey Proskuryakov.
Follow the change on String::utf8()
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::encode): Pass String::StrictConversion instead of true to String::utf8().
2012-11-10 Filip Pizlo <fpizlo@apple.com>
DFG should optimize out the NaN check on loads from double arrays if the array prototype chain is having a great time
https://bugs.webkit.org/show_bug.cgi?id=101718
Reviewed by Geoffrey Garen.
If we're reading from a JSArray in double mode, where the array's structure is
primordial (all aspects of the structure are unchanged except for indexing type),
and the result of the load is used in arithmetic that is known to not distinguish
between NaN and undefined, then we should not emit a NaN check. Looks like a 5%
win on navier-stokes.
Also fixed an OpInfo initialization goof for String ops that was revealed by this
change.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::arraySpeculationToString):
* dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::isSaneChain):
(ArrayMode):
(JSC::DFG::ArrayMode::isInBounds):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeFlags.cpp:
(JSC::DFG::nodeFlagsAsString):
* dfg/DFGNodeFlags.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::arrayPrototypeChainIsSane):
(JSC):
* runtime/JSGlobalObject.h:
(JSGlobalObject):
2012-11-10 Filip Pizlo <fpizlo@apple.com>
DFG constant folding and CFG simplification should be smart enough to know that if a logical op's operand is proven to have a non-masquerading structure then it always evaluates to true
https://bugs.webkit.org/show_bug.cgi?id=101511
Reviewed by Geoffrey Garen.
This is the second attempt at this patch, which fixes the !"" case.
To make life easier, this moves BranchDirection into BasicBlock so that after
running the CFA, we always know, for each block, what direction the CFA
proved. CFG simplification now both uses and preserves cfaBranchDirection in
its transformations.
Also made both LogicalNot and Branch check whether the operand is a known cell
with a known structure, and if so, made them do the appropriate folding.
5% speed-up on V8/raytrace because it makes raytrace's own null checks
evaporate (i.e. idioms like 'if (!x) throw "unhappiness"') thanks to the fact
that we were already doing structure check hoisting.
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::endBasicBlock):
(JSC::DFG::AbstractState::execute):
(JSC::DFG::AbstractState::mergeToSuccessors):
* dfg/DFGAbstractState.h:
(AbstractState):
* dfg/DFGBasicBlock.h:
(JSC::DFG::BasicBlock::BasicBlock):
(BasicBlock):
* dfg/DFGBranchDirection.h: Added.
(DFG):
(JSC::DFG::branchDirectionToString):
(JSC::DFG::isKnownDirection):
(JSC::DFG::branchCondition):
* dfg/DFGCFGSimplificationPhase.cpp:
(JSC::DFG::CFGSimplificationPhase::run):
(JSC::DFG::CFGSimplificationPhase::mergeBlocks):
2012-11-10 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r133971.
http://trac.webkit.org/changeset/133971
https://bugs.webkit.org/show_bug.cgi?id=101839
Causes WebProcess to hang at 100% on www.apple.com (Requested
by kling on #webkit).
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::endBasicBlock):
(JSC::DFG::AbstractState::execute):
(JSC::DFG::AbstractState::mergeToSuccessors):
* dfg/DFGAbstractState.h:
(JSC::DFG::AbstractState::branchDirectionToString):
(AbstractState):
* dfg/DFGBasicBlock.h:
(JSC::DFG::BasicBlock::BasicBlock):
(BasicBlock):
* dfg/DFGBranchDirection.h: Removed.
* dfg/DFGCFGSimplificationPhase.cpp:
(JSC::DFG::CFGSimplificationPhase::run):
(JSC::DFG::CFGSimplificationPhase::mergeBlocks):
2012-11-09 Filip Pizlo <fpizlo@apple.com>
If the DFG ArrayMode says that an access is on an OriginalArray, then the checks should always enforce this
https://bugs.webkit.org/show_bug.cgi?id=101720
Reviewed by Mark Hahnenberg.
Previously, "original" arrays was just a hint that we could find the structure
of the array if we needed to even if the array profile didn't have it due to
polymorphism. Now, "original" arrays are a property that is actually checked:
if an array access has ArrayMode::arrayClass() == Array::OriginalArray, then we
can be sure that the code performing the access is dealing with not just a
JSArray, but a JSArray that has no named properties, no indexed accessors, and
the ArrayPrototype as its prototype. This will be useful for optimizations that
are being done as part of https://bugs.webkit.org/show_bug.cgi?id=101720.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::originalArrayStructure):
(DFG):
(JSC::DFG::ArrayMode::alreadyChecked):
* dfg/DFGArrayMode.h:
(JSC):
(DFG):
(JSC::DFG::ArrayMode::withProfile):
(ArrayMode):
(JSC::DFG::ArrayMode::benefitsFromOriginalArray):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::checkArray):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
(JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
2012-11-09 Filip Pizlo <fpizlo@apple.com>
Fix indentation of BooleanPrototype.h
Rubber stamped by Mark Hahnenberg.
* runtime/BooleanPrototype.h:
2012-11-09 Filip Pizlo <fpizlo@apple.com>
Fix indentation of BooleanObject.h
Rubber stamped by Mark Hahnenberg.
* runtime/BooleanObject.h:
2012-11-09 Filip Pizlo <fpizlo@apple.com>
Fix indentation of BooleanConstructor.h
Rubber stamped by Mark Hahnenberg.
* runtime/BooleanConstructor.h:
2012-11-09 Filip Pizlo <fpizlo@apple.com>
Fix indentation of BatchedTransitionOptimizer.h
Rubber stamped by Mark Hahnenberg.
* runtime/BatchedTransitionOptimizer.h:
2012-11-09 Oliver Hunt <oliver@apple.com>
So Thingy probably isn't the best name for a class, so
renamed to CacheMap.
RS=Geoff
* runtime/CodeCache.h:
(JSC::CacheMap::CacheMap):
2012-11-09 Filip Pizlo <fpizlo@apple.com>
ArrayPrototype should start out with a blank indexing type
https://bugs.webkit.org/show_bug.cgi?id=101719
Reviewed by Mark Hahnenberg.
This allows us to track if the array prototype ever ends up with indexed
properties.
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::create):
(JSC::ArrayPrototype::ArrayPrototype):
* runtime/ArrayPrototype.h:
(ArrayPrototype):
(JSC::ArrayPrototype::createStructure):
2012-11-08 Mark Hahnenberg <mhahnenberg@apple.com>
MarkStackArray should use the BlockAllocator instead of the MarkStackSegmentAllocator
https://bugs.webkit.org/show_bug.cgi?id=101642
Reviewed by Filip Pizlo.
MarkStackSegmentAllocator is like a miniature version of the BlockAllocator. Now that the BlockAllocator has support
for a variety of block sizes, we should get rid of the MarkStackSegmentAllocator in favor of the BlockAllocator.
* heap/BlockAllocator.h: Add new specializations of regionSetFor for the new MarkStackSegments.
(JSC):
(JSC::MarkStackSegment):
* heap/GCThreadSharedData.cpp:
(JSC::GCThreadSharedData::GCThreadSharedData):
(JSC::GCThreadSharedData::reset):
* heap/GCThreadSharedData.h:
(GCThreadSharedData):
* heap/MarkStack.cpp:
(JSC::MarkStackArray::MarkStackArray): We now have a doubly linked list of MarkStackSegments, so we need to refactor
all the places that used the old custom tail/previous logic.
(JSC::MarkStackArray::~MarkStackArray):
(JSC::MarkStackArray::expand):
(JSC::MarkStackArray::refill):
(JSC::MarkStackArray::donateSomeCellsTo): Refactor to use the new linked list.
(JSC::MarkStackArray::stealSomeCellsFrom): Ditto.
* heap/MarkStack.h:
(JSC):
(MarkStackSegment):
(JSC::MarkStackSegment::MarkStackSegment):
(JSC::MarkStackSegment::sizeFromCapacity):
(MarkStackArray):
* heap/MarkStackInlines.h:
(JSC::MarkStackSegment::create):
(JSC):
(JSC::MarkStackArray::postIncTop):
(JSC::MarkStackArray::preDecTop):
(JSC::MarkStackArray::setTopForFullSegment):
(JSC::MarkStackArray::setTopForEmptySegment):
(JSC::MarkStackArray::top):
(JSC::MarkStackArray::validatePrevious):
(JSC::MarkStackArray::append):
(JSC::MarkStackArray::removeLast):
(JSC::MarkStackArray::isEmpty):
(JSC::MarkStackArray::size):
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::SlotVisitor):
2012-11-09 Gabor Ballabas <gaborb@inf.u-szeged.hu>
[Qt] r133953 broke the ARM_TRADITIONAL build
https://bugs.webkit.org/show_bug.cgi?id=101706
Reviewed by Csaba Osztrogonác.
Fix for both hardfp and softfp.
* dfg/DFGCCallHelpers.h:
(CCallHelpers):
(JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2012-11-09 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r134051.
http://trac.webkit.org/changeset/134051
https://bugs.webkit.org/show_bug.cgi?id=101757
It didn't fix the build (Requested by Ossy on #webkit).
* dfg/DFGCCallHelpers.h:
(JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2012-11-09 Gabor Ballabas <gaborb@inf.u-szeged.hu>
[Qt] r133953 broke the ARM_TRADITIONAL build
https://bugs.webkit.org/show_bug.cgi?id=101706
Reviewed by Csaba Osztrogonác.
Fix the ARM_TRADITIONAL build after r133953
* dfg/DFGCCallHelpers.h:
(JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
(CCallHelpers):
2012-11-09 Csaba Osztrogonác <ossy@webkit.org>
[Qt] Fix the LLINT build from ARMv7 platform
https://bugs.webkit.org/show_bug.cgi?id=101712
Reviewed by Simon Hausmann.
Enable generating of LLIntAssembly.h on ARM platforms.
* DerivedSources.pri:
* JavaScriptCore.pro:
2012-11-08 Filip Pizlo <fpizlo@apple.com>
ArrayPrototype.h should have correct indentation
Rubber stamped by Sam Weinig.
* runtime/ArrayPrototype.h:
2012-11-08 Mark Lam <mark.lam@apple.com>
Renamed ...InlineMethods.h files to ...Inlines.h.
https://bugs.webkit.org/show_bug.cgi?id=101145.
Reviewed by Geoffrey Garen.
This is only a refactoring effort to rename the files. There are no
functionality changes.
* API/JSObjectRef.cpp:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
* dfg/DFGOperations.cpp:
* heap/ConservativeRoots.cpp:
* heap/CopiedBlock.h:
* heap/CopiedSpace.cpp:
* heap/CopiedSpaceInlineMethods.h: Removed.
* heap/CopiedSpaceInlines.h: Copied from Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h.
* heap/CopyVisitor.cpp:
* heap/CopyVisitorInlineMethods.h: Removed.
* heap/CopyVisitorInlines.h: Copied from Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h.
* heap/GCThread.cpp:
* heap/GCThreadSharedData.cpp:
* heap/HandleStack.cpp:
* heap/Heap.cpp:
* heap/HeapRootVisitor.h:
* heap/MarkStack.cpp:
* heap/MarkStackInlineMethods.h: Removed.
* heap/MarkStackInlines.h: Copied from Source/JavaScriptCore/heap/MarkStackInlineMethods.h.
* heap/SlotVisitor.cpp:
* heap/SlotVisitor.h:
* heap/SlotVisitorInlineMethods.h: Removed.
* heap/SlotVisitorInlines.h: Copied from Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h.
* jit/HostCallReturnValue.cpp:
* jit/JIT.cpp:
* jit/JITArithmetic.cpp:
* jit/JITArithmetic32_64.cpp:
* jit/JITCall.cpp:
* jit/JITCall32_64.cpp:
* jit/JITInlineMethods.h: Removed.
* jit/JITInlines.h: Copied from Source/JavaScriptCore/jit/JITInlineMethods.h.
* jit/JITOpcodes.cpp:
* jit/JITOpcodes32_64.cpp:
* jit/JITPropertyAccess.cpp:
* jit/JITPropertyAccess32_64.cpp:
* jsc.cpp:
* runtime/ArrayConstructor.cpp:
* runtime/ArrayPrototype.cpp:
* runtime/ButterflyInlineMethods.h: Removed.
* runtime/ButterflyInlines.h: Copied from Source/JavaScriptCore/runtime/ButterflyInlineMethods.h.
* runtime/IndexingHeaderInlineMethods.h: Removed.
* runtime/IndexingHeaderInlines.h: Copied from Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h.
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
* runtime/JSArray.h:
* runtime/JSCell.h:
* runtime/JSObject.cpp:
* runtime/JSValueInlineMethods.h: Removed.
* runtime/JSValueInlines.h: Copied from Source/JavaScriptCore/runtime/JSValueInlineMethods.h.
* runtime/LiteralParser.cpp:
* runtime/ObjectConstructor.cpp: