Diff
Modified: trunk/JavaScriptCore/API/APICast.h (33978 => 33979)
--- trunk/JavaScriptCore/API/APICast.h 2008-05-21 23:18:09 UTC (rev 33978)
+++ trunk/JavaScriptCore/API/APICast.h 2008-05-22 01:20:45 UTC (rev 33979)
@@ -108,7 +108,6 @@
inline JSGlobalContextRef toGlobalRef(KJS::ExecState* e)
{
- ASSERT(!e->callingExecState());
return reinterpret_cast<JSGlobalContextRef>(e);
}
Modified: trunk/JavaScriptCore/API/JSBase.cpp (33978 => 33979)
--- trunk/JavaScriptCore/API/JSBase.cpp 2008-05-21 23:18:09 UTC (rev 33978)
+++ trunk/JavaScriptCore/API/JSBase.cpp 2008-05-22 01:20:45 UTC (rev 33979)
@@ -44,8 +44,10 @@
JSObject* jsThisObject = toJS(thisObject);
UString::Rep* scriptRep = toJS(script);
UString::Rep* sourceURLRep = sourceURL ? toJS(sourceURL) : &UString::Rep::null;
+
// Interpreter::evaluate sets "this" to the global object if it is NULL
- Completion completion = Interpreter::evaluate(exec->dynamicGlobalObject()->globalExec(), UString(sourceURLRep), startingLineNumber, UString(scriptRep), jsThisObject);
+ JSGlobalObject* globalObject = exec->dynamicGlobalObject();
+ Completion completion = Interpreter::evaluate(globalObject->globalExec(), globalObject->globalScopeChain(), UString(sourceURLRep), startingLineNumber, UString(scriptRep), jsThisObject);
if (completion.complType() == Throw) {
if (exception)
Modified: trunk/JavaScriptCore/API/JSCallbackConstructor.cpp (33978 => 33979)
--- trunk/JavaScriptCore/API/JSCallbackConstructor.cpp 2008-05-21 23:18:09 UTC (rev 33978)
+++ trunk/JavaScriptCore/API/JSCallbackConstructor.cpp 2008-05-22 01:20:45 UTC (rev 33979)
@@ -56,9 +56,9 @@
return true;
}
-bool JSCallbackConstructor::implementsConstruct() const
+ConstructType JSCallbackConstructor::getConstructData(ConstructData&)
{
- return true;
+ return ConstructTypeNative;
}
JSObject* JSCallbackConstructor::construct(ExecState* exec, const List &args)
Modified: trunk/JavaScriptCore/API/JSCallbackConstructor.h (33978 => 33979)
--- trunk/JavaScriptCore/API/JSCallbackConstructor.h 2008-05-21 23:18:09 UTC (rev 33978)
+++ trunk/JavaScriptCore/API/JSCallbackConstructor.h 2008-05-22 01:20:45 UTC (rev 33979)
@@ -32,16 +32,15 @@
namespace KJS {
-class JSCallbackConstructor : public JSObject
-{
+class JSCallbackConstructor : public JSObject {
public:
JSCallbackConstructor(ExecState* exec, JSClassRef jsClass, JSObjectCallAsConstructorCallback callback);
virtual ~JSCallbackConstructor();
virtual bool implementsHasInstance() const;
- virtual bool implementsConstruct() const;
- virtual JSObject* construct(ExecState*, const List &args);
+ virtual ConstructType getConstructData(ConstructData&);
+ virtual JSObject* construct(ExecState*, const List& args);
virtual const ClassInfo *classInfo() const { return &info; }
static const ClassInfo info;
Modified: trunk/JavaScriptCore/API/JSCallbackObject.h (33978 => 33979)
--- trunk/JavaScriptCore/API/JSCallbackObject.h 2008-05-21 23:18:09 UTC (rev 33978)
+++ trunk/JavaScriptCore/API/JSCallbackObject.h 2008-05-22 01:20:45 UTC (rev 33979)
@@ -53,13 +53,13 @@
virtual bool deleteProperty(ExecState*, const Identifier&);
virtual bool deleteProperty(ExecState*, unsigned);
- virtual bool implementsConstruct() const;
+ virtual ConstructType getConstructData(ConstructData&);
virtual JSObject* construct(ExecState*, const List& args);
virtual bool implementsHasInstance() const;
virtual bool hasInstance(ExecState *exec, JSValue *value);
- virtual bool implementsCall() const;
+ virtual CallType getCallData(CallData&);
virtual JSValue* callAsFunction(ExecState*, JSObject* thisObj, const List &args);
virtual void getPropertyNames(ExecState*, PropertyNameArray&);
Modified: trunk/JavaScriptCore/API/JSCallbackObjectFunctions.h (33978 => 33979)
--- trunk/JavaScriptCore/API/JSCallbackObjectFunctions.h 2008-05-21 23:18:09 UTC (rev 33978)
+++ trunk/JavaScriptCore/API/JSCallbackObjectFunctions.h 2008-05-22 01:20:45 UTC (rev 33979)
@@ -237,13 +237,13 @@
}
template <class Base>
-bool JSCallbackObject<Base>::implementsConstruct() const
+ConstructType JSCallbackObject<Base>::getConstructData(ConstructData&)
{
for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass)
if (jsClass->callAsConstructor)
- return true;
+ return ConstructTypeNative;
- return false;
+ return ConstructTypeNone;
}
template <class Base>
@@ -263,7 +263,7 @@
}
}
- ASSERT(0); // implementsConstruct should prevent us from reaching here
+ ASSERT(0); // getConstructData should prevent us from reaching here
return 0;
}
@@ -293,15 +293,14 @@
return 0;
}
-
template <class Base>
-bool JSCallbackObject<Base>::implementsCall() const
+CallType JSCallbackObject<Base>::getCallData(CallData&)
{
for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass)
if (jsClass->callAsFunction)
- return true;
+ return CallTypeNative;
- return false;
+ return CallTypeNone;
}
template <class Base>
@@ -322,7 +321,7 @@
}
}
- ASSERT_NOT_REACHED(); // implementsCall should prevent us from reaching here
+ ASSERT_NOT_REACHED(); // getCallData should prevent us from reaching here
return 0;
}
@@ -367,6 +366,11 @@
template <class Base>
double JSCallbackObject<Base>::toNumber(ExecState* exec) const
{
+ // We need this check to guard against the case where this object is rhs of
+ // a binary expression where lhs threw an exception in its conversion to
+ // primitive
+ if (exec->hadException())
+ return NaN;
JSContextRef ctx = toRef(exec);
JSObjectRef thisRef = toRef(this);
Modified: trunk/JavaScriptCore/API/JSObjectRef.cpp (33978 => 33979)
--- trunk/JavaScriptCore/API/JSObjectRef.cpp 2008-05-21 23:18:09 UTC (rev 33978)
+++ trunk/JavaScriptCore/API/JSObjectRef.cpp 2008-05-22 01:20:45 UTC (rev 33979)
@@ -298,7 +298,8 @@
bool JSObjectIsConstructor(JSContextRef, JSObjectRef object)
{
JSObject* jsObject = toJS(object);
- return jsObject->implementsConstruct();
+ ConstructData constructData;
+ return jsObject->getConstructData(constructData) != ConstructTypeNone;
}
JSObjectRef JSObjectCallAsConstructor(JSContextRef ctx, JSObjectRef object, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
Modified: trunk/JavaScriptCore/API/JSValueRef.cpp (33978 => 33979)
--- trunk/JavaScriptCore/API/JSValueRef.cpp 2008-05-21 23:18:09 UTC (rev 33978)
+++ trunk/JavaScriptCore/API/JSValueRef.cpp 2008-05-22 01:20:45 UTC (rev 33979)
@@ -134,13 +134,13 @@
bool JSValueIsStrictEqual(JSContextRef ctx, JSValueRef a, JSValueRef b)
{
+ UNUSED_PARAM(ctx);
+
JSLock lock;
- ExecState* exec = toJS(ctx);
JSValue* jsA = toJS(a);
JSValue* jsB = toJS(b);
- bool result = strictEqual(exec, jsA, jsB); // can't throw because it doesn't perform value conversion
- ASSERT(!exec->hadException());
+ bool result = strictEqual(jsA, jsB);
return result;
}
Modified: trunk/JavaScriptCore/ChangeLog (33978 => 33979)
--- trunk/JavaScriptCore/ChangeLog 2008-05-21 23:18:09 UTC (rev 33978)
+++ trunk/JavaScriptCore/ChangeLog 2008-05-22 01:20:45 UTC (rev 33979)
@@ -1,3 +1,5769 @@
+=== End merge of squirrelfish ===
+
+2008-05-21 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Tim Hatcher.
+
+ Merged with trunk WebCore's new debugger.
+
+ * kjs/DebuggerCallFrame.cpp:
+ (KJS::DebuggerCallFrame::evaluate): Changed this function to separate
+ the exception value from the return value. The WebKit debugger treats
+ them as one, but the WebCore debugger doesn't.
+
+ * kjs/DebuggerCallFrame.h:
+ (KJS::DebuggerCallFrame::dynamicGlobalObject): Added a new accessor for
+ the dynamic global object, since the debugger doesn't want the lexical
+ global object.
+
+2008-05-21 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Maciej.
+
+ Bug 19116: SquirrelFish shouldn't regress on variable lookups
+ <https://bugs.webkit.org/show_bug.cgi?id=19116>
+
+ Optimise cross scope assignment, 0.4% progression in sunspider.
+
+ * VM/CodeBlock.cpp:
+ (KJS::CodeBlock::dump):
+ * VM/CodeGenerator.cpp:
+ (KJS::CodeGenerator::emitPutScopedVar):
+ * VM/CodeGenerator.h:
+ * VM/Machine.cpp:
+ (KJS::Machine::privateExecute):
+ * VM/Opcode.h:
+ * kjs/nodes.cpp:
+ (KJS::AssignResolveNode::emitCode):
+
+2008-05-21 Maciej Stachowiak <mjs@apple.com>
+
+ Reviewed by Oliver.
+
+ - check property map before symbol table in JSGlobalObject::getOwnPropertySlot
+ 0.5% speedup on SunSpider
+
+ * kjs/JSGlobalObject.h:
+ (KJS::JSGlobalObject::getOwnPropertySlot): Check property map before symbol table
+ because symbol table access is likely to have been optimized.
+
+2008-05-21 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Maciej.
+
+ Bug 19116: SquirrelFish shouldn't regress on variable lookups
+ <https://bugs.webkit.org/show_bug.cgi?id=19116>
+
+ Optimise multiscope lookup of statically resolvable function calls.
+ SunSpider reports a 1.5% improvement, including 37% on
+ controlflow-recursive for some reason :D
+
+ * VM/CodeBlock.cpp:
+ (KJS::CodeBlock::dump):
+ * VM/CodeGenerator.cpp:
+ (KJS::CodeGenerator::emitResolve):
+ * VM/CodeGenerator.h:
+ * kjs/nodes.cpp:
+ (KJS::FunctionCallResolveNode::emitCode):
+
+2008-05-21 Maciej Stachowiak <mjs@apple.com>
+
+ Reviewed by Oliver.
+
+ - give JSGlobalObject a special version of getOwnPropertySlot that tells you if the slot is directly writable
+ (WebCore change using this is a 2.6% speedup on in-browser SunSpider).
+
+ * JavaScriptCore.exp:
+ * kjs/JSGlobalObject.h:
+ (KJS::JSGlobalObject::getOwnPropertySlot):
+ * kjs/JSVariableObject.h:
+ (KJS::JSVariableObject::symbolTableGet):
+ * kjs/object.h:
+ (KJS::JSObject::getDirectLocation):
+ (KJS::JSObject::getOwnPropertySlotForWrite):
+ * kjs/property_map.cpp:
+ (KJS::PropertyMap::getLocation):
+ * kjs/property_map.h:
+ * kjs/property_slot.h:
+ (KJS::PropertySlot::putValue):
+
+2008-05-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Maciej.
+
+ Bug 19116: SquirrelFish shouldn't regress on variable lookups
+ <https://bugs.webkit.org/show_bug.cgi?id=19116>
+
+ This restores multiscope optimisation to simple resolve, producing
+ a 2.6% progression in SunSpider. Have verified that none of the
+ sites broken by the multiscope optimisation in trunk were effected
+ by this change.
+
+ * VM/CodeBlock.cpp:
+ (KJS::CodeBlock::dump):
+ * VM/CodeBlock.h:
+ (KJS::CodeBlock::CodeBlock):
+ * VM/CodeGenerator.cpp:
+ (KJS::CodeGenerator::findScopedProperty):
+ (KJS::CodeGenerator::emitResolve):
+ * VM/CodeGenerator.h:
+ * VM/Machine.cpp:
+ (KJS::resolve_n):
+ (KJS::Machine::privateExecute):
+ * VM/Opcode.h:
+ * kjs/JSVariableObject.h:
+
+2008-05-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by NOBODY (Build fix).
+
+ Fixerate the windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * VM/CodeGenerator.cpp:
+ * VM/RegisterFile.h:
+ * kjs/JSGlobalObject.h:
+ * kjs/Parser.cpp:
+ * kjs/interpreter.h:
+
+2008-05-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoff.
+
+ Bug 19110: SquirrelFish: Google Maps - no maps
+ <https://bugs.webkit.org/show_bug.cgi?id=19110>
+
+ Correct a comedy of errors present in my original patch to "fix"
+ exceptions occurring midway through pre and post increment. This
+ solution is cleaner than the original, doesn't need the additional
+ opcodes, and as an added benefit does not break Google Maps.
+
+ Sunspider reports a 0.4% progression.
+
+ * VM/CodeBlock.cpp:
+ (KJS::CodeBlock::dump):
+ * VM/CodeGenerator.cpp:
+ * VM/CodeGenerator.h:
+ * VM/Machine.cpp:
+ (KJS::Machine::privateExecute):
+ * VM/Opcode.h:
+ * kjs/nodes.cpp:
+ (KJS::PreIncResolveNode::emitCode):
+ (KJS::PreDecResolveNode::emitCode):
+ (KJS::PreIncBracketNode::emitCode):
+ (KJS::PreDecBracketNode::emitCode):
+ (KJS::PreIncDotNode::emitCode):
+ (KJS::PreDecDotNode::emitCode):
+
+2008-05-20 Maciej Stachowiak <mjs@apple.com>
+
+ Reviewed by Oliver.
+
+ - inline JSGlobalObject::getOwnPropertySlot
+ 1% improvement on in-browser SunSpider (a wash command-line)
+
+ * kjs/JSGlobalObject.cpp:
+ * kjs/JSGlobalObject.h:
+ (KJS::JSGlobalObject::getOwnPropertySlot):
+
+2008-05-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Maciej.
+
+ Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
+ <https://bugs.webkit.org/show_bug.cgi?id=18752>
+
+ Handle exceptions thrown by toString conversion in subscript operators,
+ this should basically complete exception handling in SquirrelFish.
+
+ Sunspider reports no regression.
+
+ * VM/Machine.cpp:
+ (KJS::Machine::privateExecute):
+
+2008-05-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ [Reapplying patch with previously missing files from r33553 -- Oliver]
+
+ Behold: debugging.
+
+ SunSpider reports no change.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Added DebuggerCallFrame.h/.cpp,
+ and created a debugger folder.
+
+ * VM/CodeGenerator.cpp:
+ (KJS::CodeGenerator::generate): If the debugger is attached, always
+ generate full scope chains for its sake.
+
+ * VM/Machine.cpp:
+ (KJS::Machine::unwindCallFrame): Notify the debugger when unwinding
+ due to an exception, so it doesn't keep stale call frames around.
+
+ (KJS::Machine::execute): Set Callee to 0 in eval frames, so the
+ debugger can distinguish them from function call frames.
+
+ (KJS::Machine::debug): Simplified this function, since the debugger
+ doesn't actually need all the information we used to provide.
+
+ (KJS::Machine::privateExecute): Treat debugging hooks like other function
+ calls, so the code we hook into (the debugger UI) can be optimized.
+
+ * kjs/debugger.cpp: Nixed these default callback implementations and
+ made the callbacks pure virtual instead, so the compiler could tell me
+ if I made a mistake in one of the subclasses.
+
+ * kjs/debugger.h: Removed a bunch of irrelevent data from the debugger
+ callbacks. Changed from passing an ExecState* to passing a
+ DebuggerCallFrame*, since an ExecState* doesn't contain sufficient
+ information anymore.
+
+ * kjs/function.cpp:
+ (KJS::globalFuncEval): Easiest bug fix evar!
+
+ [Previously missing files from r33553]
+ * kjs/DebuggerCallFrame.cpp: Copied from JavaScriptCore/profiler/FunctionCallProfile.h.
+ (KJS::DebuggerCallFrame::functionName):
+ (KJS::DebuggerCallFrame::thisObject):
+ (KJS::DebuggerCallFrame::evaluateScript):
+ * kjs/DebuggerCallFrame.h: Copied from JavaScriptCore/VM/Register.h.
+ (KJS::DebuggerCallFrame::DebuggerCallFrame):
+ (KJS::DebuggerCallFrame::scopeChain):
+ (KJS::DebuggerCallFrame::exception):
+
+2008-05-17 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+
+ Reviewed by Oliver.
+
+ Bug 18991: SquirrelFish: Major codegen issue in a.b=expr, a[b]=expr
+ <https://bugs.webkit.org/show_bug.cgi?id=18991>
+
+ Fix the last remaining blocking cases of this bug.
+
+ * kjs/grammar.y:
+ * kjs/nodes.cpp:
+ (KJS::ReadModifyResolveNode::emitCode):
+
+2008-05-17 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+
+ Reviewed by Oliver.
+
+ Partial fix for:
+
+ Bug 18991: SquirrelFish: Major codegen issue in a.b=expr, a[b]=expr
+ <https://bugs.webkit.org/show_bug.cgi?id=18991>
+
+ Ensure that the code generated for assignments uses temporaries whenever
+ necessary. This patch covers the vast majority of situations, but there
+ are still a few left.
+
+ This patch also adds some missing cases to CodeBlock::dump().
+
+ * VM/CodeBlock.cpp:
+ (KJS::CodeBlock::dump):
+ * VM/CodeGenerator.h:
+ (KJS::CodeGenerator::destinationForAssignResult):
+ (KJS::CodeGenerator::leftHandSideNeedsCopy):
+ (KJS::CodeGenerator::emitNodeForLeftHandSide):
+ * kjs/NodeInfo.h:
+ * kjs/grammar.y:
+ * kjs/nodes.cpp:
+ (KJS::AssignDotNode::emitCode):
+ (KJS::ReadModifyDotNode::emitCode):
+ (KJS::AssignBracketNode::emitCode):
+ (KJS::ReadModifyBracketNode::emitCode):
+ (KJS::ForInNode::ForInNode):
+ * kjs/nodes.h:
+ (KJS::ReadModifyResolveNode::):
+ (KJS::AssignResolveNode::):
+ (KJS::ReadModifyBracketNode::):
+ (KJS::AssignBracketNode::):
+ (KJS::AssignDotNode::):
+ (KJS::ReadModifyDotNode::):
+
+2008-05-17 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Maciej.
+
+ Bug 19106: SquirrelFish: Activation is not marked correctly
+ <https://bugs.webkit.org/show_bug.cgi?id=19106>
+
+ We can't rely on the symbol table for a count of the number of globals
+ we need to mark as that misses duplicate parameters and 'this'. Now we
+ use the actual local register count from the codeBlock.
+
+ * kjs/JSActivation.cpp:
+ (KJS::JSActivation::mark):
+
+2008-05-16 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoff.
+
+ Bug 19076: SquirrelFish: RegisterFile can be corrupted if implictly reenter global scope with no declared vars
+ <https://bugs.webkit.org/show_bug.cgi?id=19076>
+
+ Don't delay allocation of initial global RegisterFile, as we can't guarantee we will be able
+ to allocate the global 'this' register safely at any point after initialisation of the Global
+ Object.
+
+ Unfortunately this initial allocation caused a regression of 0.2-0.3%, however this patch adds
+ support for the static slot optimisation for the global Math object which brings it to a 0.3%
+ progression.
+
+ * VM/CodeGenerator.cpp:
+ (KJS::CodeGenerator::programCodeThis):
+ (KJS::CodeGenerator::CodeGenerator):
+ (KJS::CodeGenerator::addParameter):
+ * VM/CodeGenerator.h:
+ * VM/Machine.cpp:
+ (KJS::Machine::execute):
+ * kjs/ExecState.h:
+ * kjs/JSGlobalObject.cpp:
+ (KJS::JSGlobalObject::reset):
+ * kjs/JSGlobalObject.h:
+ (KJS::JSGlobalObject::GlobalPropertyInfo::GlobalPropertyInfo):
+ (KJS::JSGlobalObject::addStaticGlobals):
+ * kjs/nodes.cpp:
+
+2008-05-16 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 19098: SquirrelFish: Ref'd temporaries can be clobbered
+ <https://bugs.webkit.org/show_bug.cgi?id=19098>
+
+ When doing code generation for a statement list, increase the reference
+ count on a register that might eventually be returned, so that it doesn't
+ get clobbered by a request for a new temporary.
+
+ * kjs/nodes.cpp:
+ (KJS::statementListEmitCode):
+
+2008-05-16 Maciej Stachowiak <mjs@apple.com>
+
+ Reviewed by Oliver.
+
+ - fixed Bug 19044: SquirrelFish: Bogus values enter evaluation when closing over scope with parameter and var with same name
+ https://bugs.webkit.org/show_bug.cgi?id=19044
+
+ * kjs/JSActivation.cpp:
+ (KJS::JSActivation::copyRegisters): Use numLocals from the code
+ block rather than the size of the symbol table for the number of
+ registers to copy, to account for duplicate parameters and vars
+ with the same name as parameters (we still have potentially
+ suboptimal codegen in that we allocate a local register for the
+ var in the latter case but it is never used).
+
+2008-05-15 Geoffrey Garen <ggaren@apple.com>
+
+ Not reviewed.
+
+ We regret to inform you that your program is crashing because you were
+ stupid.
+
+ * VM/Machine.cpp:
+ (KJS::Machine::privateExecute): Math is hard.
+
+2008-05-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ A little more debugger action: filled in op_debug. All debugger control
+ flow works now, but variable inspection and backtraces still don't.
+
+ SunSpider reports no change.
+
+ * VM/CodeGenerator.cpp: Changed op_debug to accept line number parameters.
+
+ * VM/Machine.cpp:
+ (KJS::Machine::getFunctionAndArguments): Moved op_debug into a
+ NEVER_INLINE function to avoid a stunning 10% performance regression.
+ Also factored out a common function for retrieving the function and
+ arguments from a call frame.
+
+ * kjs/JSActivation.cpp:
+ (KJS::JSActivation::createArgumentsObject): Use the new factored out
+ function mentioned above.
+
+ * kjs/Parser.cpp:
+ (KJS::Parser::parse): Increment m_sourceId before assigning it, so the
+ sourceId we send to the debugger matches the sourceId recorded in the
+ node.
+
+ * kjs/nodes.cpp: Emit debugging hooks.
+
+2008-05-14 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Maciej.
+
+ Bug 19024: SQUIRRELFISH: ASSERTION FAILED: activation->isActivationObject() in Machine::unwindCallFrame
+ <https://bugs.webkit.org/show_bug.cgi?id=19024>
+
+ This fixes a number of issues. The most important is that we now check every register
+ file for tainting rather than just looking for function register files as that was
+ insufficient. Additionally guarded against implicit re-entry into Eval code.
+
+ Also added a few additional assertions to reduce the amout of time between something
+ going wrong and us seeing the error.
+
+ * VM/Machine.cpp:
+ (KJS::Machine::execute):
+ (KJS::Machine::privateExecute):
+ * VM/RegisterFile.cpp:
+ (KJS::RegisterFile::growBuffer):
+ (KJS::RegisterFile::addGlobalSlots):
+ * VM/RegisterFileStack.cpp:
+ (KJS::RegisterFileStack::pushGlobalRegisterFile):
+ (KJS::RegisterFileStack::pushFunctionRegisterFile):
+ * VM/RegisterFileStack.h:
+ (KJS::RegisterFileStack::inImplicitCall):
+
+2008-05-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ A little more debugger action: emit opcodes for debugger hooks. Right
+ now, the opcode implementation is just a stub.
+
+ SunSpider reports no change.
+
+ Some example codegen for "function f() { 1; }":
+
+ [ 0] dbg DidEnterCallFrame
+ [ 2] dbg WillExecuteStatement
+ [ 4] load tr0, 1(@k0)
+ [ 7] load tr0, undefined(@k1)
+ [ 10] dbg WillLeaveCallFrame
+ [ 12] ret tr0
+
+2008-05-14 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoff.
+
+ Bug 19025: SQUIRRELFISH: malformed syntax in onload handler causes crash
+ <https://bugs.webkit.org/show_bug.cgi?id=19025>
+
+ Simple fix -- move the use of functionBodyNode to after the null check.
+
+ * kjs/function_object.cpp:
+ (KJS::FunctionObjectImp::construct):
+
+2008-05-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Fixed a codegen crash with run-time parse errors.
+
+ SunSpider reports no change.
+
+ emitThrowError needs to return the temporary holding the error, not dst,
+ since dst may be NULL. In fact, emitThrowError shouldn't take a dst
+ parameter at all, since exceptions should not modify the destination
+ register.
+
+2008-05-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoff.
+
+ Bug 19027: SquirrelFish: Incorrect codegen for pre-increment
+ <https://bugs.webkit.org/show_bug.cgi?id=19027>
+
+ This fixes the codegen issues for the pre-inc/decrement operators
+ to prevent incorrectly clobbering the destination in the event of
+ an exception.
+
+ * VM/CodeBlock.cpp:
+ (KJS::CodeBlock::dump):
+ * VM/CodeGenerator.cpp:
+ (KJS::CodeGenerator::emitPreInc):
+ (KJS::CodeGenerator::emitPreDec):
+ * VM/CodeGenerator.h:
+ * VM/Machine.cpp:
+ (KJS::Machine::privateExecute):
+ * VM/Opcode.h:
+ * kjs/nodes.cpp:
+ (KJS::PreIncResolveNode::emitCode):
+ (KJS::PreDecResolveNode::emitCode):
+ (KJS::PreIncBracketNode::emitCode):
+ (KJS::PreDecBracketNode::emitCode):
+ (KJS::PreIncDotNode::emitCode):
+ (KJS::PreDecDotNode::emitCode):
+
+2008-05-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ A little more debugger action: supply a real line number, sourceId,
+ and sourceURL in op_new_error.
+
+ SunSpider reports a .2% speedup. Not sure what that's about.
+
+ * VM/Machine.cpp:
+ (KJS::Machine::privateExecute): Use the new good stuff in op_new_error.
+
+ * kjs/nodes.cpp:
+ (KJS::RegExpNode::emitCode): Use the shared emitThrowError instead of
+ rolling our own.
+
+2008-05-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ A little more debugger action: implemented the exception callback.
+
+ SunSpider reports a .2% speedup. Not sure what that's about.
+
+ * VM/CodeBlock.h: A little refactoring here. Store a pointer to our
+ owner ScopeNode so we can retrieve data from it. This allows us to
+ stop storing copies of the data ourselves. Also, store a "this" register
+ instead of a code type, since we were only using the code type to
+ calculate the "this" register.
+
+ * VM/CodeGenerator.cpp:
+ (KJS::CodeGenerator::generate): Calculate the "this" register mentioned
+ above. Also, take care of removing "this" from the symbol table after
+ codegen is done, since relying on the timing of a destructor for correct
+ behavior is not so good.
+
+ * VM/Machine.cpp:
+ (KJS::Machine::throwException): Invoke the debugger's exception callback.
+ (KJS::Machine::privateExecute): Use the "this" register mentioned above.
+
+2008-05-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed some unused exception machinery.
+
+ SunSpider reports a .3% speedup.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * JavaScriptCore.exp:
+ * VM/Machine.cpp:
+ (KJS::Machine::privateExecute):
+ * kjs/internal.cpp:
+ * kjs/object.cpp:
+ * kjs/object.h:
+ * kjs/value.h:
+
+2008-05-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ A little more debugger action.
+
+ * kjs/debugger.cpp:
+ * kjs/debugger.h: Removed debuggersPresent because it was unused.
+ Replaced AttachedGlobalObject linked list with a HashSet because HashSet
+ is faster and simpler. Changed all functions to return void instead of
+ bool, because no clients ever return false, and we don't want to support
+ it.
+
+ * kjs/nodes.cpp: Did some up-keep to avoid build bustage.
+ (KJS::Node::handleException):
+ (KJS::BreakpointCheckStatement::execute):
+ (KJS::FunctionBodyNodeWithDebuggerHooks::execute):
+
+2008-05-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin.
+
+ Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
+ <https://bugs.webkit.org/show_bug.cgi?id=18752>
+
+ Replace old attempt at "branchless" exceptions as the extra information
+ being passed made gcc an unhappy compiler, replacing these custom toNumber
+ calls with ordinary toNumber logic (by relying on toNumber now preventing
+ side effects after an exception has been thrown) provided sufficient leeway
+ to add the additional checks for the remaining unchecked cases.
+
+ This leaves only toString conversions in certain contexts as possibly
+ misbehaving.
+
+ * VM/Machine.cpp:
+ (KJS::jsAdd):
+ (KJS::resolve):
+ (KJS::resolveBaseAndProperty):
+ (KJS::resolveBaseAndFunc):
+ (KJS::Machine::privateExecute):
+ * VM/Opcode.h:
+ * kjs/value.h:
+ (KJS::JSValue::safeGetNumber):
+
+2008-05-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ First steps toward supporting the debugger API: support the sourceParsed
+ callback; plus some minor fixups.
+
+ SunSpider reports no regression.
+
+ * VM/CodeGenerator.h: Removed a misleading comment.
+
+ * kjs/Parser.h: Changed the parser to take an ExecState*, so it can
+ implement the sourceParsed callback -- that way, we only have to
+ implement the callback in one place.
+
+ * kjs/debugger.cpp: Nixed DebuggerImp, because its sole purpose in life
+ was to demonstrate the misapplication of design patterns.
+
+ * kjs/debugger.h: Changed sourceParsed to take a SourceProvider, to
+ reduce copying, and not to return a value, because pausing execution
+ after parsing is complicated, and no clients needed that ability, anyway.
+
+ * kjs/grammar.y: Make sure never to pass a NULL SourceElements* to
+ didFinishParsing -- that simplifies some code down the road.
+
+ * kjs/nodes.cpp: Don't generate special AST nodes just because the
+ debugger is attached -- that's a relic of the old AST execution model,
+ and those nodes haven't been maintained.
+
+2008-05-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoff.
+
+ Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
+ <https://bugs.webkit.org/show_bug.cgi?id=18752>
+
+ First step: prevent incorrect evaluation of valueOf/toString conversion
+ in right hand side of expression after earlier conversion throws.
+
+ * API/JSCallbackObjectFunctions.h:
+ (KJS::::toNumber):
+ * kjs/object.cpp:
+ (KJS::JSObject::defaultValue):
+
+2008-05-12 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoff.
+
+ Bug 18934: SQUIRRELFISH: ASSERT @ nytimes.com due to RegisterFile being clobbered
+ <https://bugs.webkit.org/show_bug.cgi?id=18934>
+
+ Unfortunately we cannot create new statically optimised globals if there are any
+ tainted RegisterFiles on the RegisterFileStack. To handle this we re-introduce
+ (in a slightly cleaner form) the inImplicitCall concept to the RegisterFileStack.
+
+ * VM/Machine.cpp:
+ (KJS::Machine::execute):
+ * VM/RegisterFileStack.cpp:
+ (KJS::RegisterFileStack::pushFunctionRegisterFile):
+ * VM/RegisterFileStack.h:
+
+2008-05-12 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Introduced support for function.caller.
+
+ Improved support for walking interesting scopes for function introspection.
+
+ This fixes all remaining layout tests not blocked by rebasing to trunk.
+
+ SunSpider reports no change.
+
+ * VM/Machine.cpp:
+ (KJS::Machine::dumpRegisters): Fixed a spacing issue.
+
+2008-05-11 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+
+ Reviewed by Oliver.
+
+ Bug 18961: SQUIRRELFISH: Gmail doesn't load
+ <https://bugs.webkit.org/show_bug.cgi?id=18961>
+
+ Fix codegen for logical nodes so that they don't use their destination
+ as a temporary.
+
+ * kjs/nodes.cpp:
+ (KJS::LogicalAndNode::emitCode):
+ (KJS::LogicalOrNode::emitCode):
+
+2008-05-10 Maciej Stachowiak <mjs@apple.com>
+
+ Reviewed by Oliver.
+
+ - JavaScriptCore part of fix for: "SQUIRRELFISH: function toString broken after calling"
+ https://bugs.webkit.org/show_bug.cgi?id=18869
+
+ Three layout tests are fixed:
+ fast/js/toString-elision-trailing-comma.html
+ fast/js/toString-prefix-postfix-preserve-parens.html
+ fast/js/kde/lval-exceptions.html
+
+ Functions now save a shared subrange of the original source used
+ to make them (so in the common case this adds no storage above the
+ memory cache).
+
+ * kjs/SourceProvider.h: Added.
+ (KJS::SourceProvider): New abstract base class for classes that provide on-demand access
+ to the source for a JavaScript program. This allows function objects to have access to their
+ original source without copying.
+ (KJS::UStringSourceProvider): SourceProvider subclass backed by a KJS::UString.
+ (KJS::UStringSourceProvider::create):
+ (KJS::UStringSourceProvider::getRange):
+ (KJS::UStringSourceProvider::data):
+ (KJS::UStringSourceProvider::length):
+ (KJS::UStringSourceProvider::UStringSourceProvider):
+ * kjs/SourceRange.h: Added.
+ (KJS::SourceRange::SourceRange): Class that holds a SourceProvider and a character range into
+ the source, to encapsulate on-demand access to the source of a function.
+ (KJS::SourceRange::toString):
+ * VM/Machine.cpp:
+ (KJS::eval): Pass a UStringSourceProvider to the parser.
+ * kjs/Parser.cpp:
+ (KJS::Parser::parse): Take a SourceProvider and pass it on to the lexer.
+ * kjs/Parser.h:
+ (KJS::Parser::parse): Take a SourceProvider.
+ * kjs/lexer.cpp:
+ (KJS::Lexer::setCode): Take a SourceProvider; keep it around, and
+ use it to get the raw buffer and length.
+ * kjs/lexer.h:
+ (KJS::Lexer::sourceRange): Convenience function to get a source
+ range based on the lexer's source provieder, and char offsets
+ right before and after the desired range.
+ * kjs/function.cpp:
+ (KJS::globalFuncEval): Pass a UStringSourceProvider to the parser.
+ * kjs/function_object.cpp:
+