Projects/jscmerge

From KDE TechBase
Revision as of 23:54, 10 October 2007 by Harri (first tiny merge, removed some irrelevant entries)
------------------------------------------------------------------------
r26182 | hausmann | 2007-10-10 07:12:20 -0400 (Wed, 10 Oct 2007) | 3 lines  | MO:Need to check context, probably OK

Fix compilation using gcc 4.3. Header files have been reorganized and as a result some extra
includes are needed for INT_MAX, std::auto_ptr and the like.



------------------------------------------------------------------------
r26074 | ggaren | 2007-10-05 20:54:00 -0400 (Fri, 05 Oct 2007) | 36 lines   | MO: Not interesting, but OK

JavaScriptCore:

        Reviewed by Sam Weinig.
        
        Added JSObject::removeDirect, to support the fix for 
        <rdar://problem/5522487> REGRESSION: With JavaScript disabled, any 
        page load causes a crash in PropertyMap::put

        * kjs/object.cpp:
        (KJS::JSObject::removeDirect):
        * kjs/object.h:

WebCore:

        Reviewed by Sam Weinig.
        
        New fix for <rdar://problem/5522487> REGRESSION: With JavaScript 
        disabled, any page load causes a crash in PropertyMap::put
        
        Explicitly remove the "document" property from the window. The old 
        solution would leave a stale "document" property around after JavaScript
        was re-enabled.

        The architecture for disabling JavaScript could use some consolidation. 
        It seems wrong that a script proxy even exists when JavaScript is 
        disabled. It also seems wrong that so many individual call sites are 
        responsible for checking whether JavaScript is enabled. I've filed a 
        bug about this: http://bugs.webkit.org/show_bug.cgi?id=15385.

        * bindings/js/kjs_proxy.cpp:
        (WebCore::KJSProxy::clearDocumentWrapper):
        * bindings/js/kjs_proxy.h:
        * page/Frame.cpp:
        (WebCore::Frame::setDocument):


------------------------------------------------------------------------
r25934 | darin | 2007-10-02 16:49:13 -0400 (Tue, 02 Oct 2007) | 68 lines  | MO:No-merge. Ugh.

JavaScriptCore:

        Reviewed by Adam.

        - add support for GDI objects to OwnPtr; I plan to use this
          to fix some GDI handle leaks

        * kjs/grammar.y: Change parser to avoid macros that conflict
        with macros defined in Windows system headers: THIS, DELETE,
        VOID, IN, and CONST. This is needed because OwnPtr.h will now
        include <windows.h>.
        * kjs/keywords.table: Ditto.

        * wtf/OwnPtr.h: For PLATFORM(WIN), add support so that OwnPtr can be
        a GDI handle, and it will call DeleteObject. Also change to use the
        RemovePointer technique used by RetainPtr, so you can say OwnPtr<HBITMAP>
        rather than having to pass in the type pointed to by HBITMAP.

        * wtf/OwnPtrWin.cpp: Added.
        (WebCore::deleteOwnedPtr): Put this in a separate file so that we
        don't have to include <windows.h> in OwnPtr.h.

        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added OwnPtrWin.cpp.

WebCore:

        Reviewed by Adam.

        - add support for GDI objects to OwnPtr; I plan to use this
          to fix some GDI handle leaks

        * css/CSSGrammar.y: Change parser to avoid macro that conflicts
        with macro defined in Windows system headers: FLOAT. This is needed
        because OwnPtr.h will now include <windows.h>.
        * css/CSSParser.cpp: (WebCore::CSSParser::lex): Ditto.
        * css/tokenizer.flex: Ditto.

        * platform/win/CursorWin.cpp: (WebCore::Cursor::Cursor):
        Use OwnPtr for a few HBITMAP objects as a test case.

        * platform/win/COMPtr.h: (COMPtr::COMPtr): Fix so that we can use
        Query with other COMPtr. Before this would not compile if it was
        ever instantiated.

win:

        Reviewed by Adam.

        - started using the new OwnPtr everywhere we do DeleteObject

        * WebNodeHighlight.cpp:
        (WebNodeHighlight::updateWindow):
        * WebView.cpp:
        (WebView::WebView):
        (WebView::deleteBackingStore):
        (WebView::ensureBackingStore):
        (WebView::addToDirtyRegion):
        (WebView::scrollBackingStore):
        (WebView::updateBackingStore):
        (WebView::paint):
        (WebView::paintIntoBackingStore):
        (WebView::paintIntoWindow):
        * WebView.h:

Also set svn:eol-style on all .vcproj to CRLF.

Also added svn:ignore of *.user for WebKitInitializer.

------------------------------------------------------------------------
r25765 | aroben | 2007-09-26 16:06:56 -0400 (Wed, 26 Sep 2007) | 2 lines | MO: No-merge

Oh, Visual Studio, why don't you see when a project file has changed that the project needs to be rebuilt?

------------------------------------------------------------------------
r25759 | aroben | 2007-09-26 02:08:15 -0400 (Wed, 26 Sep 2007) | 2 lines | MO: No-merge

Touch files to force a rebuild

------------------------------------------------------------------------
r25746 | aroben | 2007-09-25 20:54:22 -0400 (Tue, 25 Sep 2007) | 51 lines | MO: no-merge, irrelevant.

Add WebKitInitializer and use it in DumpRenderTree and testkjs

JavaScriptCore:

        Make testkjs use WebKitInitializer

        Reviewed by Sam.

        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WebKitInitializer and
        make testkjs depend on it.
        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Link against
        WebKitInitializer.lib.
        * kjs/testkjs.cpp:
        (main): Call initializeWebKit.

WebKitTools:

        Add WebKitInitializer and use it in DumpRenderTree

        WebKitInitializer is a static library that has one function,
        initializeWebKit(). This registers WebKit and sets up the DLL search
        path so that WebKit's dependencies that are installed with Safari can
        be found.

        Reviewed by Sam.

        * DumpRenderTree/DumpRenderTree.sln: Added WebKitInitializer and made
        DumpRenderTree depend on it.
        * DumpRenderTree/win/DumpRenderTree.cpp:
        (initialize): Call initializeWebKit.
        * DumpRenderTree/win/DumpRenderTree.vcproj: Link against
        WebKitInitializer.lib.
        * WebKitInitializer/WebKitInitializer.cpp: Added.
        (getStringValue):
        (getWebViewCLSID):
        (getInstalledWebKitDirectory):
        (initializeWebKit):
        * WebKitInitializer/WebKitInitializer.h: Added.
        * WebKitInitializer/WebKitInitializer.vcproj: Added.
        * WebKitInitializer/debug.vsprops: Added.
        * WebKitInitializer/release.vsprops: Added.

WebKit/win:

        Add WebKitInitializer to WebKit.sln

        Reviewed by Sam.

        * WebKit.vcproj/WebKit.sln: DumpRenderTree and testkjs now depend on
        WebKitInitializer.

------------------------------------------------------------------------
r25681 | bdash | 2007-09-21 07:06:33 -0400 (Fri, 21 Sep 2007) | 10 lines | MO: Follow up to 25534, likely-merge

2007-09-21  Mark Rowe  <[email protected]>

        Reviewed by Antti Koivisto.

        http://bugs.webkit.org/show_bug.cgi?id=15250
        <rdar://problem/5496942> REGRESSION: Reproducible crash in Safari when evaluating script in Drosera console (15250)

        * kjs/function.cpp:
        (KJS::GlobalFuncImp::callAsFunction): Null-check thisObj before passing it to interpreterForGlobalObject.

------------------------------------------------------------------------
r25625 | weinig | 2007-09-18 18:16:44 -0400 (Tue, 18 Sep 2007) | 1 line | MO: no-merge, pointless (may be trivial sync)

Touch JavaScriptCore file to force rebuild.
------------------------------------------------------------------------
r25541 | ggaren | 2007-09-13 14:52:29 -0400 (Thu, 13 Sep 2007) | 25 lines | MO: maybe-merge, platform-bound

2007-09-12  Geoff Garen  <[email protected]>

        Reviewed by Sam Weinig.

        Fixed <rdar://problem/5429064> 141885 Safari JavaScript: Math.random() slightly less randomly distributed than on Safari / Mac

        Math.random was skewed slightly upward because it assumed that RAND_MAX was outside the range of
        values that rand() might return. This problem was particularly pronounced on Windows because
        the range of values returned by rand() on Windows is 2^16 smaller than the range of values
        returned by rand() on Mac.

        Fixed by accounting for RAND_MAX return values. Also, switched Windows over to rand_s, which has
        a range that's equal to rand()'s range on Mac.

        * kjs/config.h:

        * kjs/math_object.cpp:
        (MathFuncImp::callAsFunction): Use the new new thing.

        * wtf/MathExtras.h: Platform abstraction for random numbers, to cover over differences on Windows.
        (wtf_random_init):
        (wtf_random):
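
The skew described in r25541, shown as an added example (not code from the WebKit or KDE trees). It assumes the old mapping divided by the generator's maximum and the fix divides by maximum + 1; `toUnitOld`, `toUnitFixed` and `histogram` are hypothetical names, and 0x7FFF is RAND_MAX for the Windows `rand()`.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Old-style mapping (assumed): divides by the generator's maximum, so the
// maximum raw value maps to exactly 1.0, outside the [0, 1) contract of
// Math.random.
static double toUnitOld(uint32_t raw, uint32_t rawMax)
{
    return static_cast<double>(raw) / static_cast<double>(rawMax);
}

// Fixed mapping (assumed): counts rawMax as a value the generator can return,
// so there are rawMax + 1 equally likely outcomes and the result stays < 1.0.
static double toUnitFixed(uint32_t raw, uint32_t rawMax)
{
    return static_cast<double>(raw) / (static_cast<double>(rawMax) + 1.0);
}

typedef double (*UnitMapper)(uint32_t, uint32_t);

// Feeds every raw value 0..rawMax through `mapper` and counts which of
// `buckets` equal-width bins floor(x * buckets) selects, the way a caller
// would pick an array index. The extra last slot counts indices that fall
// past the end of the array.
static std::vector<uint64_t> histogram(UnitMapper mapper, uint32_t rawMax, unsigned buckets)
{
    std::vector<uint64_t> counts(buckets + 1, 0);
    for (uint64_t raw = 0; raw <= rawMax; ++raw) {
        double x = mapper(static_cast<uint32_t>(raw), rawMax);
        unsigned index = static_cast<unsigned>(x * buckets);
        ++counts[index < buckets ? index : buckets];
    }
    return counts;
}

int main()
{
    const uint32_t windowsRandMax = 0x7FFF; // 15-bit range of rand() on Windows
    const unsigned buckets = 8;

    std::vector<uint64_t> oldCounts = histogram(toUnitOld, windowsRandMax, buckets);
    std::vector<uint64_t> fixedCounts = histogram(toUnitFixed, windowsRandMax, buckets);

    for (unsigned i = 0; i <= buckets; ++i) {
        std::printf("%s %u: old=%llu fixed=%llu\n",
                    i < buckets ? "bucket" : "out of range", i,
                    static_cast<unsigned long long>(oldCounts[i]),
                    static_cast<unsigned long long>(fixedCounts[i]));
    }
    return 0;
}
```

With a 15-bit generator the out-of-range result occurs once per 32768 draws; with a 31-bit generator the same defect is 2^16 times rarer, which matches the note that the problem was most visible on Windows.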



------------------------------------------------------------------------
r25535 | antti | 2007-09-13 10:50:22 -0400 (Thu, 13 Sep 2007) | 25 lines | MO: follow up to r25534

JavaScriptCore:

        Reviewed by Maciej.
        
        Small addition to previous patch to cover
        http://bugs.webkit.org/show_bug.cgi?id=11399
        window.eval runs in the global scope of the calling window
        
        Switch variable scope as well.

        * kjs/function.cpp:
        (KJS::GlobalFuncImp::callAsFunction):

LayoutTests:

        Reviewed by Maciej.
        
        Change test case to cover
        http://bugs.webkit.org/show_bug.cgi?id=11399
        too.

        * fast/js/window-eval-context-expected.txt:
        * fast/js/window-eval-context.html:


------------------------------------------------------------------------
r25534 | antti | 2007-09-13 09:54:12 -0400 (Thu, 13 Sep 2007) | 35 lines  | MO: merge, after review, likely outstanding BR; need discussion
                                                                          | MO: also may need support in KHTML. May be better to hold off
                                                                          | MO: until GlobalImp. Not sure about what I did with the TC, either

JavaScriptCore:

        Reviewed by Geoff, Maciej.
        
        Fix <rdar://problem/5445058>
        REGRESSION: Unable to upload picture to eBay auction due to domain security check
        
        eBay uses window.eval() between windows. In Firefox window.eval() switches execution
        and security context to the target window, something WebKit did not do. With WebKit
        security tightening in r24781, this broke picture uploads.
        
        Fix by making WebKit switch context in window.eval().
        
        * kjs/Context.cpp:
        (KJS::Context::Context):
        (KJS::Context::~Context):
        * kjs/context.h:
        Save and restore interpreter context independently from calling context.
        
        * kjs/function.cpp:
        (KJS::GlobalFuncImp::callAsFunction):
        If eval is called for global object different than current one, switch execution context
        to that object and push it to scope.

LayoutTests:

        Reviewed by Geoff, Maciej.
        
        Test for <rdar://problem/5445058>
        REGRESSION: Unable to upload picture to eBay auction due to domain security check

        * fast/js/window-eval-context-expected.txt: Added.
        * fast/js/window-eval-context.html: Added.


------------------------------------------------------------------------
r25413 | kmccullo | 2007-09-07 12:52:45 -0400 (Fri, 07 Sep 2007) | 49 lines | MO: No merge, irrelevant

JavaScriptCore:

        Reviewed by Maciej.

        - Moved JSRetainPtr to the API.

        * API/JSRetainPtr.h: Copied from kjs/JSRetainPtr.h.
        (JSRetain):
        (JSRelease):
        (JSRetainPtr::JSRetainPtr):
        (JSRetainPtr::~JSRetainPtr):
        (JSRetainPtr::get):
        (JSRetainPtr::releaseRef):
        (JSRetainPtr::operator->):
        (JSRetainPtr::operator!):
        (JSRetainPtr::operator UnspecifiedBoolType):
        (::operator):
        (::adopt):
        (::swap):
        (swap):
        (operator==):
        (operator!=):
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/JSRetainPtr.h: Removed.

WebKitTools:

        Reviewed by Maciej.

        - Changed Drosera to take advantage of the JSRetainPtr changes.

        * Drosera/DebuggerDocument.cpp:
        (DebuggerDocument::breakpointEditorHTML):
        (DebuggerDocument::evaluateScript):
        (DebuggerDocument::valueForScopeVariableNamed):
        (DebuggerDocument::log):
        (DebuggerDocument::windowScriptObjectAvailable):
        (DebuggerDocument::toJSArray):
        (DebuggerDocument::callFunctionOnObject):
        (DebuggerDocument::logException):
        * Drosera/mac/DebuggerDocumentMac.mm:
        (-[DebuggerClientMac webView:didLoadMainResourceForDataSource:]):
        (-[DebuggerClientMac webView:didParseSource:baseLineNumber:fromURL:sourceId:forWebFrame:]):
        (DebuggerDocument::platformEvaluateScript):
        (DebuggerDocument::getPlatformCurrentFunctionStack):
        (DebuggerDocument::getPlatformLocalScopeVariableNamesForCallFrame):
        (DebuggerDocument::platformValueForScopeVariableNamed):


------------------------------------------------------------------------
r25409 | mjs | 2007-09-06 22:53:23 -0400 (Thu, 06 Sep 2007) | 21 lines | MO:  Not interesting, but an irrelevant cleanup

        Reviewed by Darin.
        
        - Remove single-threaded optimization for FastMalloc. 
        
        It does not appear to help anywhere but Mac OS X on PPC, due to
        pthread_getspecific being slow there. On Intel, removing the
        optimization results in a ~1.5% PLT speedup, a ~1-5% JS iBench
        speedup, and a ~1.5% HTML iBench speedup. On PPC this change is a
        speedup on some benchmarks, a slight hit on others.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/collector.cpp:
        (KJS::Collector::registerThread):
        * wtf/FastMalloc.cpp:
        (WTF::TCMalloc_ThreadCache::GetCache):
        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
        (WTF::do_malloc):
        * wtf/FastMallocInternal.h: Removed.


------------------------------------------------------------------------
r25394 | kmccullo | 2007-09-06 14:48:40 -0400 (Thu, 06 Sep 2007) | 115 lines | MO: No-merge, effectively reverted

JavaScriptCore:

        Reviewed by Adam, Sam, Darin.

        - Created a JSRetainPtr specifically for JSStringRefs so they can be automatically refed and derefed.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/JSRetainPtr.h: Copied from wtf/RetainPtr.h.
        (KJS::JSRetain):
        (KJS::JSRelease):
        (KJS::):
        (KJS::JSRetainPtr::JSRetainPtr):
        (KJS::JSRetainPtr::~JSRetainPtr):
        (KJS::JSRetainPtr::get):
        (KJS::JSRetainPtr::releaseRef):
        (KJS::JSRetainPtr::operator->):
        (KJS::JSRetainPtr::operator UnspecifiedBoolType):
        (KJS::::operator):
        (KJS::::adopt):
        (KJS::::swap):
        (KJS::swap):
        (KJS::operator==):
        (KJS::operator!=):

WebKitTools:

        Reviewed by Adam, Sam, Darin.

        - Separated what is platform dependent from what is not.  Creating the structure needed for Drosera for Win.

        * Drosera/Debugger.h: Added.
        * Drosera/DebuggerDocument.cpp:
        (DebuggerDocument::breakpointEditorHTMLCallback):
        (DebuggerDocument::isPausedCallback):
        (DebuggerDocument::pauseCallback):
        (DebuggerDocument::resumeCallback):
        (DebuggerDocument::stepIntoCallback):
        (DebuggerDocument::evaluateScriptCallback):
        (DebuggerDocument::currentFunctionStackCallback):
        (DebuggerDocument::localScopeVariableNamesForCallFrameCallback):
        (DebuggerDocument::valueForScopeVariableNamedCallback):
        (DebuggerDocument::logCallback):
        (DebuggerDocument::breakpointEditorHTML):
        (DebuggerDocument::isPaused):
        (DebuggerDocument::pause):
        (DebuggerDocument::resume):
        (DebuggerDocument::stepInto):
        (DebuggerDocument::evaluateScript):
        (DebuggerDocument::currentFunctionStack):
        (DebuggerDocument::localScopeVariableNamesForCallFrame):
        (DebuggerDocument::valueForScopeVariableNamed):
        (DebuggerDocument::log):
        (DebuggerDocument::toolbarPause):
        (DebuggerDocument::toolbarResume):
        (DebuggerDocument::toolbarStepInto):
        (DebuggerDocument::toolbarStepOver):
        (DebuggerDocument::toolbarStepOut):
        (DebuggerDocument::toolbarShowConsole):
        (DebuggerDocument::toolbarCloseCurrentFile):
        (DebuggerDocument::updateFileSource):
        (DebuggerDocument::didParseScript):
        (DebuggerDocument::willExecuteStatement):
        (DebuggerDocument::didEnterCallFrame):
        (DebuggerDocument::willLeaveCallFrame):
        (DebuggerDocument::exceptionWasRaised):
        (DebuggerDocument::windowScriptObjectAvailable):
        (DebuggerDocument::toJSArray):
        (DebuggerDocument::callGlobalFunction):
        (DebuggerDocument::callFunctionOnObject):
        (DebuggerDocument::getDroseraJSClass):
        (DebuggerDocument::staticFunctions):
        (DebuggerDocument::logException):
        * Drosera/DebuggerDocument.h:
        (DebuggerDocument::DebuggerDocument):
        * Drosera/ForwardingHeaders: Added.
        * Drosera/ForwardingHeaders/wtf: Added.
        * Drosera/ForwardingHeaders/wtf/Platform.h: Added.
        * Drosera/config.h:
        * Drosera/console.html:
        * Drosera/console.js:
        * Drosera/debugger.js:
        * Drosera/mac/DebuggerApplication.mm:
        (-[DebuggerApplication attach:]):
        * Drosera/mac/DebuggerDocumentMac.h:
        * Drosera/mac/DebuggerDocumentMac.mm:
        (+[NSString stringOrNilFromWebScriptResult:]):
        (+[DebuggerClientMac log:]):
        (-[DebuggerClientMac initWithServerName:]):
        (-[DebuggerClientMac dealloc]):
        (-[DebuggerClientMac pause]):
        (-[DebuggerClientMac resume]):
        (-[DebuggerClientMac pause:]):
        (-[DebuggerClientMac resume:]):
        (-[DebuggerClientMac stepInto:]):
        (-[DebuggerClientMac stepOver:]):
        (-[DebuggerClientMac stepOut:]):
        (-[DebuggerClientMac showConsole:]):
        (-[DebuggerClientMac closeCurrentFile:]):
        (-[DebuggerClientMac validateUserInterfaceItem:]):
        (-[DebuggerClientMac webView:windowScriptObjectAvailable:]):
        (-[DebuggerClientMac webView:didEnterCallFrame:sourceId:line:forWebFrame:]):
        (-[DebuggerClientMac webView:willExecuteStatement:sourceId:line:forWebFrame:]):
        (-[DebuggerClientMac webView:willLeaveCallFrame:sourceId:line:forWebFrame:]):
        (-[DebuggerClientMac webView:exceptionWasRaised:sourceId:line:forWebFrame:]):
        (DebuggerDocument::platformPause):
        (DebuggerDocument::platformResume):
        (DebuggerDocument::platformStepInto):
        (DebuggerDocument::platformEvaluateScript):
        (DebuggerDocument::platformCurrentFunctionStack):
        (DebuggerDocument::platformLocalScopeVariableNamesForCallFrame):
        (DebuggerDocument::platformValueForScopeVariableNamed):
        (DebuggerDocument::platformLog):
        * Drosera/mac/Drosera.xcodeproj/project.pbxproj:


------------------------------------------------------------------------
r25366 | mjs | 2007-09-05 01:15:06 -0400 (Wed, 05 Sep 2007) | 14 lines | No-merge, accidental commit revert

        Back out accidentally committed change.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/collector.cpp:
        (KJS::Collector::registerThread):
        * wtf/FastMalloc.cpp:
        (WTF::fastMallocSetIsMultiThreaded):
        (WTF::TCMalloc_ThreadCache::GetCache):
        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
        (WTF::do_malloc):
        * wtf/FastMallocInternal.h: Added.


------------------------------------------------------------------------
r25365 | mjs | 2007-09-05 01:01:03 -0400 (Wed, 05 Sep 2007) | 54 lines | MO: maybe-merge irrelevant cleanup (the KJS version)

        Reviewed by Darin.
        
        - Added Vector::appendRange(), which appends to a vector based on a given start and end iterator
        - Added keys() and values() functions to HashMap iterators, which give keys-only and values-only iterators
        
        Together, these allow easy copying of a set, or the keys or values of a map, into a Vector. Examples:
        
        HashMap<int, int> map;
        HashSet<int> set;
        Vector<int> vec;
        // ...
        vec.appendRange(set.begin(), set.end());
        vec.appendRange(map.begin().keys(), map.end().keys());
        vec.appendRange(map.begin().values(), map.end().values());

        This also allows for a slightly nicer syntax when iterating a map. Instead of saying 
        (*it)->first, you can say *it.values(). Similarly for keys. Example:
        
        HashMap<int, int>::const_iterator end = map.end();
        for (HashMap<int, int>::const_iterator it = map.begin(); it != end; ++it)
        printf(" [%d => %d]", *it.keys(), *it.values());

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/HashIterators.h: Added.
        (WTF::):
        (WTF::HashTableConstKeysIterator::HashTableConstKeysIterator):
        (WTF::HashTableConstKeysIterator::get):
        (WTF::HashTableConstKeysIterator::operator*):
        (WTF::HashTableConstKeysIterator::operator->):
        (WTF::HashTableConstKeysIterator::operator++):
        (WTF::HashTableConstValuesIterator::HashTableConstValuesIterator):
        (WTF::HashTableConstValuesIterator::get):
        (WTF::HashTableConstValuesIterator::operator*):
        (WTF::HashTableConstValuesIterator::operator->):
        (WTF::HashTableConstValuesIterator::operator++):
        (WTF::HashTableKeysIterator::HashTableKeysIterator):
        (WTF::HashTableKeysIterator::get):
        (WTF::HashTableKeysIterator::operator*):
        (WTF::HashTableKeysIterator::operator->):
        (WTF::HashTableKeysIterator::operator++):
        (WTF::HashTableKeysIterator::operator HashTableConstKeysIterator<HashTableType, KeyType, MappedType>):
        (WTF::HashTableValuesIterator::HashTableValuesIterator):
        (WTF::HashTableValuesIterator::get):
        (WTF::HashTableValuesIterator::operator*):
        (WTF::HashTableValuesIterator::operator->):
        (WTF::HashTableValuesIterator::operator++):
        (WTF::HashTableValuesIterator::operator HashTableConstValuesIterator<HashTableType, KeyType, MappedType>):
        (WTF::operator==):
        (WTF::operator!=):
        * wtf/HashTable.h:
        * wtf/Vector.h:
        (WTF::::appendRange):


------------------------------------------------------------------------
r25321 | bdash | 2007-08-30 18:33:39 -0400 (Thu, 30 Aug 2007) | 21 lines | MO: maybe-merge, platform-specific, needs configury

2007-08-30  Riku Voipio  <[email protected]>

        Reviewed by Dave Kilzer.

        Better ARM defines.

        * kjs/ustring.h: Update comments to reflect the change and update test
        to fit changes to Platform.h.
        * wtf/Platform.h: Forced packing is only needed on oldabi ARM.
        Set middle-endian floats only for little-endian oldabi ARM.
        Set big-endian define for big-endian ARM.

2007-08-30  Riku Voipio  <[email protected]>

        Reviewed by Dave Kilzer.

        Better ARM defines.

        * platform/DeprecatedString.h: Update comments to reflect the
        change and update test to fit changes to Platform.h.

------------------------------------------------------------------------
r25296 | bdash | 2007-08-29 13:35:50 -0400 (Wed, 29 Aug 2007) | 10 lines | MO: merge, follow up tiny cleanup for portability fix

2007-08-29  Ryan Leavengood <[email protected]>

        Reviewed by Maciej.

        http://bugs.webkit.org/show_bug.cgi?id=15043
        - posix_memalign takes a void** as its first parameter. My port makes use of this function call.

        * kjs/collector.cpp:
        (KJS::allocateBlock):

------------------------------------------------------------------------
r25161 | kmccullo | 2007-08-20 18:05:25 -0400 (Mon, 20 Aug 2007) | 18 lines | MO: no-merge, our stack depth was bigger anyway

JavaScriptCore:

        Reviewed by Geoff and Adam.

        - Changing stack depth to 500 (from 100 on mac and win) to help out some apps specifically gmail.  <rdar://problem/3590522> JavaScript call stack limit of 99 is too small for some applications; needs to be closer to 500 (4045)

        * kjs/object.cpp:

LayoutTests:

        Reviewed by Geoff and Adam.

        - Changing stack depth to 500 (from 100 in mac and win) to help out some apps specifically gmail.  <rdar://problem/3590522> JavaScript call stack limit of 99 is too small for some applications; needs to be closer to 500 (4045).

        * fast/js/deep-recursion-test-expected.txt: Added.
        * fast/js/deep-recursion-test.html: Added.


------------------------------------------------------------------------
r25085 | andrew | 2007-08-14 21:07:06 -0400 (Tue, 14 Aug 2007) | 56 lines | MO: maybe-merge, cleanup

JavaScriptCore:

        Reviewed by Darin.
        
        http://bugs.webkit.org/show_bug.cgi?id=14967 part 1 - Eliminate most implicit
        conversions of wtf::Vector<T> to T* by explicitly calling .data()

        * API/JSCallbackConstructor.cpp:
        (KJS::JSCallbackConstructor::construct):
        * API/JSCallbackFunction.cpp:
        (KJS::JSCallbackFunction::callAsFunction):
        * API/JSCallbackObject.cpp:
        (KJS::JSCallbackObject::construct):
        (KJS::JSCallbackObject::callAsFunction):
        * bindings/c/c_instance.cpp:
        (KJS::Bindings::CInstance::invokeMethod):
        (KJS::Bindings::CInstance::invokeDefaultMethod):
        * kjs/number_object.cpp:
        (integer_part_noexp):
        (char_sequence):
        * kjs/ustring.cpp:
        (KJS::UString::UTF8String):

WebCore:

        Reviewed by Darin.
        
        http://bugs.webkit.org/show_bug.cgi?id=14967 part 1 - Eliminate most implicit
        conversions of wtf::Vector<T> to T* by explicitly calling .data()

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::saveState):
        * platform/KURL.cpp:
        (WebCore::KURL::KURL):
        (WebCore::KURL::init):
        (WebCore::KURL::decode_string):
        (WebCore::KURL::parse):
        (WebCore::KURL::encode_string):
        * platform/cf/KURLCFNet.cpp:
        (WebCore::KURL::KURL):
        * platform/mac/KURLMac.mm:
        (WebCore::KURL::KURL):
        * rendering/RenderFrameSet.cpp:
        (WebCore::RenderFrameSet::layOutAxis):

win:

        Reviewed by Darin.
        
        http://bugs.webkit.org/show_bug.cgi?id=14967 part 1 - Eliminate most implicit
        conversions of wtf::Vector<T> to T* by explicitly calling .data()

        * WebView.cpp:
        (getCompositionString):


------------------------------------------------------------------------
r25078 | darin | 2007-08-14 18:19:04 -0400 (Tue, 14 Aug 2007) | 12 lines | MO: follow up to 24919

        Reviewed by Sam.

        - fix <rdar://problem/5410570> Global initializer introduced by use of std::numeric_limits in r24919

        * kjs/ustring.cpp:
        (KJS::overflowIndicator): Turned into a function.
        (KJS::maxUChars): Ditto.
        (KJS::allocChars): Use the functions.
        (KJS::reallocChars): Ditto.
        (KJS::UString::expandedSize): Ditto.


------------------------------------------------------------------------
r25026 | darin | 2007-08-12 22:42:17 -0400 (Sun, 12 Aug 2007) | 47 lines | MO: merge, bugfix

JavaScriptCore:

        Reviewed by Maciej.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14931
          <rdar://problem/5403816> JavaScript regular expression non-participating capturing parentheses
          fail in 3 different ways

        Test: fast/js/regexp-non-capturing-groups.html

        * kjs/string_object.cpp:
        (KJS::replace): Add missing code to handle undefined backreferences; before we'd get the empty string
        instead of a JavaScript "undefined" value.
        (KJS::StringProtoFunc::callAsFunction): Implemented backreference support for split.
        * pcre/pcre_exec.c: (match): Made backreferences to undefined groups match the empty string instead
        of always failing. Only in JAVASCRIPT mode.

        * tests/mozilla/expected.html: Add a new expected test success, since this fixed one test result.

LayoutTests:

        Reviewed by Maciej.

        - test for http://bugs.webkit.org/show_bug.cgi?id=14931
          JavaScript regular expression non-participating capturing groups behave incorrectly in edge cases

        * fast/js/regexp-non-capturing-groups-expected.txt: Added.
        * fast/js/regexp-non-capturing-groups.html: Added.
        * fast/js/resources/regexp-non-capturing-groups.js: Added.

        * fast/js/resources/js-test-pre.js: Updated to add a special case for array
        results, since there are some array results in the test. Also cut down on the
        verbosity of failures when the type of the actual result is the same as the type
        of the expected result. And get rid of the special case function just for NaN.

        * fast/js/regexp-unicode-overflow.html: Let the make-js-test-wrappers script
        regenerate this file (it removed one of the trailing newlines).

        * fast/js/kde/encode_decode_uri-expected.txt: This test now passes. I'm not sure
        why it was failing before.

        * fast/js/char-at-expected.txt: Removed all the periods at the end of NaN
        test PASS messages; they are now consistent with all the other tests.
        * fast/js/date-parse-comments-test-expected.txt: Ditto.
        * fast/js/date-parse-test-expected.txt: Ditto.


------------------------------------------------------------------------
r24924 | weinig | 2007-08-08 01:43:11 -0400 (Wed, 08 Aug 2007) | 26 lines | MO: merge, bugfix

JavaScriptCore:

        Reviewed by Oliver.

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14897
        Decompilation of double negation fails and produces invalid or incorrect code

        Test: fast/js/function-decompilation-operators.html

        * kjs/nodes2string.cpp:
        (UnaryPlusNode::streamTo): Put space after unary operator.  Matches Firefox.
        (NegateNode::streamTo): Ditto.
        (MultNode::streamTo): Put spaces around binary operator.  Matches Firefox.
        (AddNode::streamTo): Ditto.

LayoutTests:

        Reviewed by Oliver.

        Test for http://bugs.webkit.org/show_bug.cgi?id=14897
        Decompilation of double negation fails and produces invalid or incorrect code

        * fast/js/function-decompilation-operators-expected.txt: Added.
        * fast/js/function-decompilation-operators.html: Added.


------------------------------------------------------------------------
r24919 | darin | 2007-08-07 20:45:39 -0400 (Tue, 07 Aug 2007) | 38 lines | MO: followup, probably defer, complex

        Reviewed by Adele.

        - fix <rdar://problem/5383104> REGRESSION: XHR.responseText is null instead of empty string
          in http/tests/xmlhttprequest/zero-length-response.html

        The new code to handle out of memory conditions was turning a "" into a null string.

        * kjs/ustring.h: Removed UCharReference, which has long been obsolete and unused.
        Removed copyForWriting, which was only used for the upper/lowercasing code and for
        UCharReference.
        * kjs/ustring.cpp:
        (KJS::allocChars): Removed special case that made this fail (return 0) when passed 0.
        Instead assert that we're not passed 0. Also added an overflow check for two reasons:
        1) for sizes that aren't checked this prevents us from allocating a buffer that's too
        small, and 2) for sizes where we overflowed in the expandedSize function and returned
        overflowIndicator, it guarantees we fail.
        (KJS::reallocChars): Ditto.
        (KJS::UString::expandedSize): Return a large number, overflowIndicator, rather than 0
        for cases where we overflow.
        (KJS::UString::spliceSubstringsWithSeparators): Added a special case for empty string so
        we don't call allocChars with a length of 0.
        (KJS::UString::operator=): Added special characters for both 0 and empty string so we
        match the behavior of the constructor. This avoids calling allocChars with a length of 0
        and making a null string rather than an empty string in that case, and also matches the
        pattern used in the rest of the functions.
        (KJS::UString::operator[]): Made the return value const so code that tries to use the
        operator to modify the string will fail.

        * kjs/string_object.cpp: (KJS::StringProtoFunc::callAsFunction): Rewrote uppercasing and
        lowercasing functions so they don't need copyForWriting any more -- it wasn't really doing
        any good for optimization purposes. Instead use a Vector and releaseBuffer.

        * wtf/unicode/icu/UnicodeIcu.h: Eliminate one of the versions of toLower/toUpper -- we now
        only need the version where both a source and destination buffer is passed in, not the one
        that works in place.
        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.


------------------------------------------------------------------------
r24904 | weinig | 2007-08-07 02:21:55 -0400 (Tue, 07 Aug 2007) | 23 lines | MO: no-merge: already there

JavaScriptCore:

        Reviewed by Oliver.

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14891
        Decompilation of try block immediately following "else" fails

        Test: fast/js/toString-try-else.html

        * kjs/nodes2string.cpp:
        (TryNode::streamTo): Add newline before else.

LayoutTests:

        Reviewed by Oliver.

        Test for http://bugs.webkit.org/show_bug.cgi?id=14891
        Decompilation of try block immediately following "else" fails

        * fast/js/toString-try-else-expected.txt: Added.
        * fast/js/toString-try-else.html: Added.


------------------------------------------------------------------------
r24897 | bdash | 2007-08-06 21:45:53 -0400 (Mon, 06 Aug 2007) | 17 lines | MO: irrelevant, could be merged to sync

2007-08-07  Mark Rowe  <[email protected]>

        Reviewed by Maciej.

        <rdar://problem/5388774> REGRESSION: Hang occurs after clicking "Attach a file " link in a new .Mac message

        Attempting to acquire the JSLock inside CollectorHeap::forceLock can lead to a deadlock if the thread currently
        holding the lock is waiting on the thread that is forking.  It is not considered safe to use system frameworks
        after a fork without first execing[*] so it is not particularly important to ensure that the collector and
        fastMalloc allocators are unlocked in the child process.  If the child process wishes to use JavaScriptCore it
        should exec after forking like it would to use any other system framework.
        [*]: <http://lists.apple.com/archives/Cocoa-dev/2005/Jan/msg00676.html>

        * kjs/CollectorHeapIntrospector.cpp: Remove forceLock and forceUnlock implementations.
        * kjs/CollectorHeapIntrospector.h: Stub out forceLock and forceUnlock methods.
        * wtf/FastMalloc.cpp: Ditto.

------------------------------------------------------------------------
r24885 | darin | 2007-08-06 15:34:01 -0400 (Mon, 06 Aug 2007) | 6 lines | MO: merge if applies, assertion check

        Rubber stamped by Geoff.

        * kjs/ustring.h: Added an assertion which would have helped us find the
        previous bug more easily.


------------------------------------------------------------------------
r24881 | pewtermoose | 2007-08-06 01:48:32 -0400 (Mon, 06 Aug 2007) | 6 lines | MO: follow up compile check, merge if applies

        Not reviewed, build fix.

        * kjs/string_object.cpp:
        (KJS::StringProtoFunc::callAsFunction):


------------------------------------------------------------------------
r24874 | darin | 2007-08-05 06:16:41 -0400 (Sun, 05 Aug 2007) | 14 lines | MO: may be merge. Nice asserts, may need adjustment for non-thread build

        Reviewed by Maciej.

        - fix <rdar://problem/5371862> crash in Dashcode due to Quartz Composer JavaScript garbage collector reentrancy

        * API/JSBase.cpp: (JSGarbageCollect): Don't call collector() if isBusy() returns true.

        * kjs/collector.h: Added isBusy(), removed the unused return value from collect()
        * kjs/collector.cpp: Added an "operation in progress" flag to the allocator.
        (KJS::Collector::allocate): Call abort() if an operation is already in progress. Set the new flag instead
        of using the debug-only GCLock.
        (KJS::Collector::collect): Ditto.
        (KJS::Collector::isBusy): Added.


------------------------------------------------------------------------
r24873 | mjs | 2007-08-05 01:20:35 -0400 (Sun, 05 Aug 2007) | 11 lines | MO: follow up to string cost accounting. must-merge if that's merged

        Reviewed by Darin and Adam.
        
        <rdar://problem/5368990> REGRESSION: newsgator.com sign-on 6x slower than Safari 3 beta due to GC changes (14808)

        * kjs/string_object.cpp:
        (KJS::replace): if the string didn't change (very common in some cases) reuse the original string value.
        (KJS::StringProtoFunc::callAsFunction): Pass in the StringImp* when replacing, not just the UString.
        * kjs/string_object.h:
        (KJS::StringInstance::internalValue): covariant override to return StringImp for convenience


------------------------------------------------------------------------
r24868 | bdash | 2007-08-04 04:58:35 -0400 (Sat, 04 Aug 2007) | 33 lines | no-merge, no CollectorHeapIntrospector for us

2007-08-04  Mark Rowe  <[email protected]>

        Reviewed by Oliver Hunt.

        <rdar://problem/5385145> r24843 introduces a crash on calling fork() (14878)
        http://bugs.webkit.org/show_bug.cgi?id=14878

        Provide no-op functions for all members of the malloc_zone_t and malloc_introspection_t structures that we
        register to avoid crashes in system code that assumes they will be non-null.

        * kjs/CollectorHeapIntrospector.cpp:
        (KJS::CollectorHeapIntrospector::CollectorHeapIntrospector):
        (KJS::CollectorHeapIntrospector::forceLock): Grab the lock.
        (KJS::CollectorHeapIntrospector::forceUnlock): Release the lock.
        * kjs/CollectorHeapIntrospector.h:
        (KJS::CollectorHeapIntrospector::goodSize):
        (KJS::CollectorHeapIntrospector::check):
        (KJS::CollectorHeapIntrospector::print):
        (KJS::CollectorHeapIntrospector::log):
        (KJS::CollectorHeapIntrospector::statistics):
        (KJS::CollectorHeapIntrospector::size):
        (KJS::CollectorHeapIntrospector::zoneMalloc):
        (KJS::CollectorHeapIntrospector::zoneCalloc):
        (KJS::CollectorHeapIntrospector::zoneFree):
        * wtf/FastMalloc.cpp:
        (WTF::FastMallocZone::goodSize):
        (WTF::FastMallocZone::check):
        (WTF::FastMallocZone::print):
        (WTF::FastMallocZone::log):
        (WTF::FastMallocZone::forceLock): Grab the TCMalloc locks.
        (WTF::FastMallocZone::forceUnlock): Release the TCMalloc locks.
        (WTF::FastMallocZone::FastMallocZone):

------------------------------------------------------------------------
r24843 | bdash | 2007-08-03 12:21:44 -0400 (Fri, 03 Aug 2007) | 59 lines | MO: no-merge, seems platform specific -- but may be can be used to teach VG things

2007-08-02  Mark Rowe  <[email protected]>

        Reviewed by Geoff Garen.

        <rdar://problem/4212199> 'leaks' reports false leaks in WebKit (because the WTF allocator uses mmap?)

        Implement malloc zone introspection routines to allow leaks, heap, and friends to request information
        about specific memory regions that were allocated by FastMalloc or the JavaScriptCore collector.

        This requires tool-side support before the regions will be displayed.  The addition of that support is
        tracked by <rdar://problems/5353057&5353060>.

        * JavaScriptCore.exp: Export the two variables that are used by leaks to introspect the allocators.
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/AllInOneFile.cpp:
        * kjs/CollectorZone.cpp: Added.
        (KJS::):
        (KJS::CollectorZone::registerZone):
        (KJS::CollectorZone::CollectorZone): Create and register our zone with the system.
        (KJS::CollectorZone::zoneEnumerator): Iterate over the CollectorBlocks that are in use and report them to the caller as being used.
        * kjs/CollectorZone.h: Added.
        (KJS::CollectorZone::zoneObjectSize): Return zero to indicate the specified pointer does not belong to this zone.
        * kjs/collector.cpp:
        (KJS::Collector::registerThread): Register the CollectorZone with the system when the first thread is registered with the collector.
        * wtf/FastMalloc.cpp:
        (WTF::TCMalloc_PageHeap::GetDescriptorEnsureSafe):
        (WTF::TCMalloc_ThreadCache_FreeList::enumerateFreeObjects): Enumerate the objects on the free list.
        (WTF::TCMalloc_ThreadCache::enumerateFreeObjects): Ditto.
        (WTF::TCMalloc_Central_FreeList::enumerateFreeObjects): Ditto.
        (WTF::TCMalloc_ThreadCache::InitModule): Register the FastMallocZone with the system when initializing TCMalloc.
        (WTF::FreeObjectFinder::FreeObjectFinder):
        (WTF::FreeObjectFinder::visit): Add an object to the free list.
        (WTF::FreeObjectFinder::isFreeObject):
        (WTF::FreeObjectFinder::freeObjectCount):
        (WTF::FreeObjectFinder::findFreeObjects): Find the free objects within a thread cache or free list.
        (WTF::PageMapFreeObjectFinder::PageMapFreeObjectFinder): Find the free objects within a TC_PageMap.
        (WTF::PageMapFreeObjectFinder::visit): Called once per allocated span.  Record whether the span or any subobjects are free.
        (WTF::PageMapMemoryUsageRecorder::PageMapMemoryUsageRecorder):
        (WTF::PageMapMemoryUsageRecorder::visit): Called once per allocated span.  Report the range of memory as being allocated, and the span or
        its subobjects as being used if they do not appear on the free list.
        (WTF::FastMallocZone::zoneEnumerator): Map the key remote TCMalloc data structures into our address space.  We then locate all free memory ranges
        before reporting the other ranges as being in use.
        (WTF::FastMallocZone::zoneObjectSize): Determine whether the given pointer originates from within our allocation zone.  If so,
        we return its allocation size.
        (WTF::FastMallocZone::zoneMalloc):
        (WTF::FastMallocZone::zoneCalloc):
        (WTF::FastMallocZone::zoneFree):
        (WTF::FastMallocZone::zoneRealloc):
        (WTF::):
        (WTF::FastMallocZone::FastMallocZone): Create and register our zone with the system.
        (WTF::FastMallocZone::registerZone):
        * wtf/MallocZoneSupport.h: Added.
        (WTF::RemoteMemoryReader::RemoteMemoryReader): A helper class to ease the process of mapping memory in a different process into
        our local address space
        (WTF::RemoteMemoryReader::operator()):
        * wtf/TCPageMap.h:
        (TCMalloc_PageMap2::visit): Walk over the heap and visit each allocated span.
        (TCMalloc_PageMap3::visit): Ditto.

------------------------------------------------------------------------
r24821 | bdash | 2007-08-02 05:49:12 -0400 (Thu, 02 Aug 2007) | 7 lines | MO: follow up, merge if r23820 merged

2007-08-02  Mark Rowe  <[email protected]>

        Build fix.

        * kjs/ustring.cpp:
        (KJS::UString::expandedSize):  Use std::numeric_limits<size_t>::max() rather than the non-portable SIZE_T_MAX.

------------------------------------------------------------------------
r24820 | bdash | 2007-08-02 05:33:22 -0400 (Thu, 02 Aug 2007) | 39 lines | MO: MUST MERGE, security implications (but want more asserts)

2007-08-02  Mark Rowe  <[email protected]>

        Reviewed by Maciej.

        <rdar://problem/5352887> "Out of memory" error during repeated JS string concatenation leaks hundreds of MBs of RAM

        A call to fastRealloc was failing which led to UString::expandCapacity leaking the buffer it was trying to reallocate.
        It also resulted in the underlying UString::rep having both a null baseString and buf field, which meant that attempting
        to access the contents of the string after the failed memory reallocation would crash.

        A third issue is that expandedSize was calculating the new length in a way that led to an integer overflow occurring.
        Attempting to allocate a string more than 190,000,000 characters long would fail as the integer overflow would lead to a
        memory allocation of around 3.6GB being attempted rather than the expected 390MB.  Sizes that would lead to an overflow
        are now returned as zero and callers are updated to treat this as though the memory allocation has failed.

        * kjs/array_object.cpp:
        (ArrayProtoFunc::callAsFunction): Check whether the append failed and raise an "Out of memory" exception if it did.
        * kjs/ustring.cpp:
        (KJS::allocChars): Wrapper around fastMalloc that takes a length in characters.  It will return 0 when asked to allocate a zero-length buffer.
        (KJS::reallocChars): Wrapper around fastRealloc that takes a length in characters.  It will return 0 when asked to allocate a zero-length buffer.
        (KJS::UString::expandedSize): Split the size calculation in two and guard against overflow during each step.
        (KJS::UString::expandCapacity): Don't leak r->buf if reallocation fails.  Instead free the memory and use the null representation.
        (KJS::UString::expandPreCapacity): If fastMalloc fails then use the null representation rather than crashing in memcpy.
        (KJS::UString::UString): If calls to expandCapacity, expandPreCapacity or fastMalloc fail then use the null representation rather than crashing in memcpy.
        (KJS::UString::append): Ditto.
        (KJS::UString::operator=): Ditto.
        * kjs/ustring.h: Change return type of expandedSize from int to size_t.

2007-08-02  Mark Rowe  <[email protected]>

        Reviewed by Maciej.

        <rdar://problem/5352887> "Out of memory" error during repeated JS string concatenation leaks hundreds of MBs of RAM

        Update test to check that accessing the string after the "Out of memory" exception was raised does not crash.

        * fast/js/resources/string-concatenate-outofmemory.js:
        * fast/js/string-concatenate-outofmemory-expected.txt:
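
The overflow-guarded size calculation and the no-leak failure path described in r24820, with the overflowIndicator sentinel from the r24919 follow-up, as an added sketch that is not the WebKit code. The Char16 type, the roughly 10% growth policy, the Buffer struct and the 32-bit naiveByteCount32 function are assumptions made for illustration.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>

typedef uint16_t Char16;  // assumption: stand-in for a 16-bit string character

// Sentinel meaning "this size cannot be represented" (name taken from r24919).
static const size_t overflowIndicator = std::numeric_limits<size_t>::max();
// Largest character count whose byte size still fits in size_t.
static const size_t maxChars = std::numeric_limits<size_t>::max() / sizeof(Char16);

// Constructed "before" case: byte count computed in 32-bit arithmetic with no
// checks. uint32_t keeps the wraparound well defined so it can be observed.
uint32_t naiveByteCount32(uint32_t chars) {
    uint32_t expanded = chars * 11u / 10u + 1u;  // wraps once chars * 11 > 2^32 - 1
    return expanded * static_cast<uint32_t>(sizeof(Char16));
}

// Size calculation split in two steps, each guarded against overflow.
size_t expandedSizeChecked(size_t size, size_t otherSize) {
    size_t headroom = size / 10 + 1;             // step 1: ~10% growth
    if (size > maxChars - headroom)
        return overflowIndicator;
    size_t expanded = size + headroom;
    if (otherSize > maxChars - expanded)         // step 2: add the second length
        return overflowIndicator;
    return expanded + otherSize;
}

// Wrapper that takes a length in characters. Any length whose byte size would
// overflow, including overflowIndicator itself, is guaranteed to fail.
// A zero length is rejected too; callers special-case empty strings.
Char16* reallocChars(Char16* buffer, size_t length) {
    if (length == 0 || length > maxChars)
        return nullptr;
    return static_cast<Char16*>(std::realloc(buffer, length * sizeof(Char16)));
}

struct Buffer {          // hypothetical minimal string representation
    Char16* buf;
    size_t len;
    size_t capacity;
};

// Grow the buffer to hold at least `required` characters. On failure the old
// block is freed (not leaked) and the buffer falls back to a null state that
// callers can test for instead of dereferencing a stale pointer.
bool expandCapacity(Buffer& b, size_t required) {
    size_t newCapacity = expandedSizeChecked(required, 0);
    Char16* grown = reallocChars(b.buf, newCapacity);
    if (!grown) {
        std::free(b.buf);  // realloc leaves the old block valid on failure
        b.buf = nullptr;
        b.len = 0;
        b.capacity = 0;
        return false;
    }
    b.buf = grown;
    b.capacity = newCapacity;
    return true;
}

int main() {
    // 400,000,000 characters need 800,000,000 bytes; the unchecked 32-bit
    // arithmetic asks for far less, which is the undersized-buffer hazard.
    std::printf("naive bytes:   %u\n", naiveByteCount32(400000000u));
    std::printf("checked chars: %zu\n", expandedSizeChecked(400000000u, 0));

    Buffer b = { nullptr, 0, 0 };
    bool grew = expandCapacity(b, 100);
    std::printf("grow to 100:   %s, capacity %zu\n", grew ? "ok" : "failed", b.capacity);
    bool grewHuge = expandCapacity(b, overflowIndicator);
    std::printf("grow to max:   %s, buf %s\n", grewHuge ? "ok" : "failed",
                b.buf ? "kept" : "null");
    return 0;
}
```

The checked path never multiplies before it has compared against maxChars, so a failed growth is reported as a failure instead of producing a buffer smaller than the caller believes it has.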

------------------------------------------------------------------------
r24715 | hausmann | 2007-07-27 04:34:00 -0400 (Fri, 27 Jul 2007) | 2 lines | MO: maybe-merge, portability fix

Fix compilation with Qt on Windows with MingW: Implemented currentThreadStackBase() for this platform.

------------------------------------------------------------------------
r24714 | hausmann | 2007-07-27 04:33:49 -0400 (Fri, 27 Jul 2007) | 2 lines | MO: not sure, date stuff

Fix compilation with Qt on Windows with MingW: The MingW headers do not provide a prototype for a reentrant version of localtime. But since we don't use multiple threads for the Qt build we can use the plain localtime() function.

------------------------------------------------------------------------
r24710 | hausmann | 2007-07-27 04:33:05 -0400 (Fri, 27 Jul 2007) | 2 lines | MO: not sure, we probably don't want Qt platform to avoid confusion

Implemented currentTime() in the interpreter by using QDateTime, so that we don't need timeGetTime() on Windows and therefore also don't need to link against Winmm.dll.

------------------------------------------------------------------------
r24693 | hausmann | 2007-07-27 04:29:44 -0400 (Fri, 27 Jul 2007) | 2 lines | MO: DO NOT MERGE, broken

Don't use pthread.h unless thread support is enabled.

------------------------------------------------------------------------
r24637 | mjs | 2007-07-25 21:50:54 -0400 (Wed, 25 Jul 2007) | 24 lines | MO: follow up, merge if 24633 is

JavaScriptCore:

        Reviewed by Mark.

        - follow-up to previous change
        
        * kjs/ustring.cpp:
        (KJS::UString::operator=): Make sure to reset the length when
        replacing the buffer contents for a single-owned string.

WebCore:

        Reviewed by Mark.

        - follow-up to previous change to avoid assertion failures in debug
        
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::getResponseText): hold JSLock when needed
        (WebCore::XMLHttpRequest::open): ditto
        (WebCore::XMLHttpRequest::didFinishLoading): ditto
        (WebCore::XMLHttpRequest::didReceiveData): ditto
        * xml/XMLHttpRequest.h:


------------------------------------------------------------------------
r24633 | mjs | 2007-07-25 17:50:00 -0400 (Wed, 25 Jul 2007) | 133 lines  | MO: very nice change (with follow ups), r24637, r24919, 24873, but
                                                                         | MO: perhaps post-4.0, need to assess BC implications

JavaScriptCore:

        Reviewed by Darin.
        
        - JavaScriptCore part of fix for <rdar://problem/5300291> Optimize GC to reclaim big, temporary objects (like XMLHttpRequest.responseXML) quickly
        
        Also, as a side effect of optimizations included in this patch:
        - 7% speedup on JavaScript iBench
        - 4% speedup on "Celtic Kane" JS benchmark
        
        The basic idea is explained in a big comment in collector.cpp. When unusually 
        large objects are allocated, we push the next GC closer on the assumption that
        most objects are short-lived.
        
        I also did the following two optimizations in the course of tuning
        this not to be a performance regression:

        1) Change UString::Rep to hold a self-pointer as the baseString in
        the unshared case, instead of a null pointer; this removes a
        number of null checks in hot code because many places already
        wanted to use the rep itself or the baseString as appropriate.
        
        2) Avoid creating duplicate StringImpls when creating a
        StringInstance (the object wrapper for a JS string) or calling
        their methods. Since a temporary wrapper object is made every time
        a string method is called, this resulted in two useless extra
        StringImpls being allocated for no reason whenever a String method
        was invoked on a string value. Now we bypass those.
        
        * kjs/collector.cpp:
        (KJS::):
        (KJS::Collector::recordExtraCost): Basics of the extra cost mechanism.
        (KJS::Collector::allocate): ditto
        (KJS::Collector::collect): ditto
        * kjs/collector.h:
        (KJS::Collector::reportExtraMemoryCost): ditto
        * kjs/array_object.cpp:
        (ArrayInstance::ArrayInstance): record extra cost
        * kjs/internal.cpp:
        (KJS::StringImp::toObject): don't create a whole new StringImpl just
        to be the internal value of a StringInstance! StringImpls are immutable
        so there's no point to this.
        * kjs/internal.h:
        (KJS::StringImp::StringImp): report extra cost
        * kjs/string_object.cpp:
        (KJS::StringInstance::StringInstance): new version that takes a StringImp
        (KJS::StringProtoFunc::callAsFunction): don't create a whole new StringImpl
        just to convert self to string! we already have one in the internal value
        * kjs/string_object.h: report extra cost        
        * kjs/ustring.cpp: All changes to handle baseString being self instead of null in the 
        unshared case.
        (KJS::):
        (KJS::UString::Rep::create):
        (KJS::UString::Rep::destroy):
        (KJS::UString::usedCapacity):
        (KJS::UString::usedPreCapacity):
        (KJS::UString::expandCapacity):
        (KJS::UString::expandPreCapacity):
        (KJS::UString::UString):
        (KJS::UString::append):
        (KJS::UString::operator=):
        (KJS::UString::copyForWriting):
        * kjs/ustring.h:
        (KJS::UString::Rep::baseIsSelf): new method, now that baseString is
        self instead of null in the unshared case we can't just null check.
        (KJS::UString::Rep::data): adjusted as mentioned above
        (KJS::UString::cost): new method to compute the cost for a UString, for
        use by StringImpl.

        * kjs/value.cpp:
        (KJS::jsString): style fixups.
        (KJS::jsOwnedString): new method, use this for strings allocated from UStrings
        held by the parse tree. Tracking their cost as part of string cost is pointless,
        because garbage collecting them will not actually free the relevant string buffer.
        * kjs/value.h: prototyped jsOwnedString.
        * kjs/nodes.cpp:
        (StringNode::evaluate): use jsOwnedString as appropriate
        (RegExpNode::evaluate): ditto
        (PropertyNameNode::evaluate): ditto
        (ForInNode::execute): ditto
        
        * JavaScriptCore.exp: Exported some new symbols.

WebCore:

        Reviewed by Darin.

        - fixed <rdar://problem/5300291> Optimize GC to reclaim big, temporary objects (like XMLHttpRequest.responseXML) quickly
        
        With this plus related JavaScriptCore changes, a number of XMLHttpRequest situations that
        result in huge data sets are addressed, including a single huge responseXML on an XMR done
        repeatedly, or accessing responseText repeatedly during loading of a single large XHR.
        
        In addition to the GC changes in JavaScriptCore, I changed responseText to be stored as a
        KJS::UString instead of a WebCore::String so that the JavaScript responseText value can
        share the buffer (indeed multiple intermediate responseTexts can share its buffer).

        
        First of all, here's some manual test cases that will each blow out the process VM without this fix,
        but will settle into decent steady state with.
        
        * manual-tests/memory: Added.
        * manual-tests/memory/MessageUidsAlreadyDownloaded2: Added.
        * manual-tests/memory/string-growth.html: Added.
        * manual-tests/memory/xhr-multiple-requests-responseText.html: Added.
        * manual-tests/memory/xhr-multiple-requests-responseXML.html: Added.
        * manual-tests/memory/xhr-multiple-requests.html: Added.
        * manual-tests/memory/xhr-repeated-string-access.xml: Added.

        And here's the actual code changes:
        
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::toJS): Record extra cost if the document is frameless (counting the nodes
        doesn't make a measurable performance difference here in any case I could find)
        * bindings/js/JSXMLHttpRequest.cpp:
        (KJS::JSXMLHttpRequest::getValueProperty): Adjust for the fact that responseText
        is now stored as a UString.
        * bindings/js/kjs_binding.cpp:
        (KJS::jsOwnedStringOrNull): New helper.
        * bindings/js/kjs_binding.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::getResponseText): It's a UString!
        (WebCore::XMLHttpRequest::getResponseXML): handle the fact that m_responseText
        is a UString.
        (WebCore::XMLHttpRequest::XMLHttpRequest): ditto.
        (WebCore::XMLHttpRequest::abort): call dropProtection
        (WebCore::XMLHttpRequest::didFinishLoading): call dropProtection
        (WebCore::XMLHttpRequest::dropProtection): after removing our GC protection,
        report extra cost of this XHR's responseText buffer.
        * xml/XMLHttpRequest.h:


------------------------------------------------------------------------
r24534 | mjs | 2007-07-23 06:26:02 -0400 (Mon, 23 Jul 2007) | 8 lines | MO: looks questionable, likely to be irrelevant with VarDeclNode execution fixes

        Reviewed by Oliver.
        
        - fix remaining problems with Window shadowing

        * kjs/nodes.cpp:
        (VarDeclNode::evaluate): Tweak the special case a little.


------------------------------------------------------------------------
r24533 | mjs | 2007-07-23 04:48:04 -0400 (Mon, 23 Jul 2007) | 8 lines | MO: looks questionable, likely to be irrelevant with VarDeclNode execution fixes

        Reviewed by Oliver.
        
        - fix Window shadowing regressions caused by the previous commit.

        * kjs/nodes.cpp:
        (VarDeclNode::evaluate): Handle the case of global scope specially.


------------------------------------------------------------------------
r24532 | mjs | 2007-07-23 03:10:35 -0400 (Mon, 23 Jul 2007) | 20 lines | MO: redundant w/how I'd merge other code.

        Reviewed by Darin.

        -fixed <rdar://problem/5353293> REGRESSION (r24287): 1% i-Bench JS slowdown from JavaScript compatibility fix (14719)
        http://bugs.webkit.org/show_bug.cgi?id=14719
        
        My fix for this actually resulted in JS iBench being 1% faster than before the regression
        and the Celtic Kane benchmark being 5% faster than before the regression.
        
        * kjs/nodes.cpp:
        (VarDeclNode::handleSlowCase): factored out the slow code path to be out of line.
        (VarDeclNode::evaluate): I did a couple of things:
        (1) Don't check if the variable is already declared by looking for the property in
        the variable object, that code path was dead code.
        (2) Special-case the common case where the top of the scope and the variable object
        are the same; in that case the variable must always be in the variable object.
        (3) Don't return a jsString() of the variable name, nothing uses the return value
        from this node type's evaluate method.
        * kjs/nodes.h:


------------------------------------------------------------------------
r24457 | ggaren | 2007-07-19 22:12:54 -0400 (Thu, 19 Jul 2007) | 25 lines | MO: merge if Harri approves. Don't know how semi-colon insertion works. 

JavaScriptCore:

        Reviewed by Darin Adler.
        
        Fixed http://bugs.webkit.org/show_bug.cgi?id=10880 | <rdar://problem/5335694>
        REGRESSION: JavaScript menu doesn't appear on pricepoint.com (14595)
        
        Though the ECMA spec says auto-semicolon insertion should not occur
        without a newline or '}', Firefox treats do-while specially, and the
        library used by pricepoint.com requires that special treatment.
        
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/grammar.y:

LayoutTests:

        Reviewed by Darin Adler.
        
        Test for http://bugs.webkit.org/show_bug.cgi?id=10880 | <rdar://problem/5335694>
        REGRESSION: JavaScript menu doesn't appear on pricepoint.com (14595)
        
        * fast/js/do-while-without-semicolon-expected.txt: Added.
        * fast/js/do-while-without-semicolon.html: Added.


------------------------------------------------------------------------
r24453 | darin | 2007-07-19 17:10:40 -0400 (Thu, 19 Jul 2007) | 50 lines | MO: can't merge, we don't fork things

        Reviewed by Geoff.

        - fix <rdar://problem/5345440> PCRE computes wrong length for expressions with quantifiers
          on named recursion or subexpressions

        It's challenging to implement proper preflighting for compiling these advanced features.
        But we don't want them in the JavaScript engine anyway.

        Turned off the following features of PCRE (some of these are simply parsed and not implemented):

            \C \E \G \L \N \P \Q \U \X \Z
            \e \l \p \u \z
            [::] [..] [==]
            (?#) (?<=) (?<!) (?>)
            (?C) (?P) (?R)
            (?0) (and 1-9)
            (?imsxUX)

        Added the following:

            \u \v

        Because of \v, the js1_2/regexp/special_characters.js test now passes.

        To be conservative, I left some features that JavaScript doesn't want, such as
        \012 and \x{2013}, in place. We can revisit these later; they're not directly-enough
        related to avoiding the incorrect preflighting.

        I also didn't try to remove unused opcodes and remove code from the execution engine.
        That could save code size and speed things up a bit, but it would require more changes.

        * kjs/regexp.h:
        * kjs/regexp.cpp: (KJS::RegExp::RegExp): Remove the sanitizePattern workaround for
        lack of \u support, since the PCRE code now has \u support.

        * pcre/pcre-config.h: Set JAVASCRIPT to 1.
        * pcre/pcre_internal.h: Added ESC_v.

        * pcre/pcre_compile.c: Added a different escape table for when JAVASCRIPT is set that
        omits all the escapes we don't want interpreted and includes '\v'.
        (check_escape): Put !JAVASCRIPT around the code for '\l', '\L', '\N', '\u', and '\U',
        and added code to handle '\u2013' inside JAVASCRIPT.
        (compile_branch): Put !JAVASCRIPT if around all the code implementing the features we
        don't want.
        (pcre_compile2): Ditto.

        * tests/mozilla/expected.html: Updated since js1_2/regexp/special_characters.js now
        passes.


------------------------------------------------------------------------
r24394 | darin | 2007-07-17 22:25:38 -0400 (Tue, 17 Jul 2007) | 37 lines | MO: may-merge, pedantic/corner-case change

JavaScriptCore:

        Reviewed by Darin, Maciej, and Adam.

        Fixes <http://bugs.webkit.org/show_bug.cgi?id=9697>,
              the failure of ecma/GlobalObject/15.1.2.2-2.js,
              the failure of ecma/LexicalConventions/7.7.3-1.js,
              and most of the failures of tests in ecma/TypeConversion/9.3.1-3.js.

        Bug 9697: parseInt results may be inaccurate for numbers greater than 2^53

        This patch also fixes similar issues in the lexer and UString::toDouble().

        * kjs/function.cpp:
        (KJS::parseIntOverflow):
        (KJS::parseInt):
        * kjs/function.h:
        * kjs/lexer.cpp:
        (KJS::Lexer::lex):
        * kjs/ustring.cpp:
        (KJS::UString::toDouble):
        * tests/mozilla/expected.html:

LayoutTests:

        Reviewed by Darin.

        Added tests for:
        http://bugs.webkit.org/show_bug.cgi?id=9697

        Bug 9697: parseInt results may be inaccurate for numbers greater than 2^53

        * fast/js/numeric-conversion-expected.txt: Added.
        * fast/js/numeric-conversion.html: Added.
        * fast/js/resources/numeric-conversion.js: Added.


------------------------------------------------------------------------
r24287 | bdash | 2007-07-14 13:04:03 -0400 (Sat, 14 Jul 2007) | 32 lines | MO: sorta merge -- tied in fix fixing up VarDeclNode and catch scoping. Testcases! Testcases! Get your hot new testcases!

2007-07-14  Cameron Zwarich  <[email protected]>

        Reviewed by Darin.

        Fixes http://bugs.webkit.org/show_bug.cgi?id=13517,
              http://bugs.webkit.org/show_bug.cgi?id=14237, and
              the failure of test js1_5/Scope/regress-185485.js

        Bug 13517: DOM Exception 8 in finance.aol.com sub-page
        Bug 14237: Javascript "var" statement interprets initialization in the topmost function scope

        * kjs/nodes.cpp:
        (VarDeclNode::evaluate):
        * tests/mozilla/expected.html:

2007-07-14  Cameron Zwarich  <[email protected]>

        Reviewed by Darin.

        Added tests for the following bugs:
        http://bugs.webkit.org/show_bug.cgi?id=13517
        http://bugs.webkit.org/show_bug.cgi?id=14237

        Bug 13517: DOM Exception 8 in finance.aol.com sub-page
        Bug 14237: Javascript "var" statement interprets initialization in the topmost function scope

        * fast/js/resources/vardecl-blocks-init.js: Added.
        * fast/js/resources/vardecl-preserve-arguments.js: Updated.
        * fast/js/vardecl-blocks-init-expected.txt: Added.
        * fast/js/vardecl-blocks-init.html: Added.
        * fast/js/vardecl-preserve-arguments-expected.txt: Updated result.

------------------------------------------------------------------------
r24244 | ap | 2007-07-12 15:14:58 -0400 (Thu, 12 Jul 2007) | 9 lines | MO: no merge, already fixed 

        Reviewed by Mitz.

        http://bugs.webkit.org/show_bug.cgi?id=14596
        Fix JSC compilation with KJS_VERBOSE.

        * kjs/function.cpp:
        (KJS::FunctionImp::passInParameters):


------------------------------------------------------------------------
r24198 | zimmermann | 2007-07-11 08:56:05 -0400 (Wed, 11 Jul 2007) | 5 lines | MO: merge after additional analysis

Reviewed by Mark.

Forwardport the hash table fix from CodeGeneratorJS.pm to create_hash_table.
Reran run-jsc-tests, couldn't find any regressions. Suggested by Darin.

------------------------------------------------------------------------
r23955 | weinig | 2007-07-03 17:35:25 -0400 (Tue, 03 Jul 2007) | 11 lines | MO: not sure

        Reviewed by Brady Eidson.

        Tenth round of fixes for implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        - Add explicit casts.

        * kjs/dtoa.cpp:
        (Bigint::):


------------------------------------------------------------------------
r23930 | weinig | 2007-07-02 14:44:00 -0400 (Mon, 02 Jul 2007) | 40 lines | MO: not sure

JavaScriptCore:

        Reviewed by Kevin McCullough.

        Third round of fixes for implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        Add custom piDouble and piFloat constants to use instead of M_PI.

        * kjs/math_object.cpp:
        (MathObjectImp::getValueProperty):
        * wtf/MathExtras.h:
        (wtf_atan2):

WebCore:

        Reviewed by Kevin McCullough.

        Third round of fixes for implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        Use new piDouble and piFloat constants instead of M_PI.

        * html/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::rotate):
        * ksvg2/svg/SVGParserUtilities.cpp:
        (WebCore::SVGPathParser::calculateArc):
        * platform/graphics/Path.cpp:
        (WebCore::pathLengthApplierFunction):
        (WebCore::Path::createEllipse):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::drawEllipse):
        (WebCore::GraphicsContext::strokeArc):
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::setCurrentPage):
        * platform/graphics/svg/filters/cg/SVGFEHelpersCg.h:
        * rendering/RenderPath.cpp:
        (WebCore::drawMarkerWithData):


------------------------------------------------------------------------
r23892 | weinig | 2007-06-29 17:36:10 -0400 (Fri, 29 Jun 2007) | 42 lines | MO: not sure

JavaScriptCore:

        Reviewed by Darin.

        Second pass at fixing implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        - Add a toFloat() method to JSValue for float conversion.

        * JavaScriptCore.exp:
        * kjs/value.cpp:
        (KJS::JSValue::toFloat):
        * kjs/value.h:

WebCore:

        Reviewed by Darin.

        Second pass at fixing implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        - Use new JSValue::toFloat() method instead of toNumber() where
          appropriate.

        * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
        (WebCore::JSCanvasRenderingContext2D::setFillColor):
        (WebCore::JSCanvasRenderingContext2D::setStrokeColor):
        (WebCore::JSCanvasRenderingContext2D::strokeRect):
        (WebCore::JSCanvasRenderingContext2D::drawImage):
        (WebCore::JSCanvasRenderingContext2D::drawImageFromRect):
        (WebCore::JSCanvasRenderingContext2D::setShadow):
        * bindings/js/JSHTMLSelectElementCustom.cpp:
        (WebCore::JSHTMLSelectElement::remove):
        * bindings/js/JSSVGMatrixCustom.cpp:
        (WebCore::JSSVGMatrix::rotateFromVector):
        * bindings/js/kjs_events.cpp:
        (KJS::JSClipboardPrototypeFunction::callAsFunction):
        * bindings/scripts/CodeGeneratorJS.pm:
        * ksvg2/svg/SVGScriptElement.cpp:
        (WebCore::SVGScriptElement::executeScript):


------------------------------------------------------------------------
r23816 | weinig | 2007-06-27 12:43:01 -0400 (Wed, 27 Jun 2007) | 89 lines | MO: no-merge, irrelevant

JavaScriptCore:

        Reviewed by Darin.

        First pass at fixing implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        - Add 'f' suffix where necessary.

        * kjs/testkjs.cpp:
        (StopWatch::getElapsedMS):

WebCore:

        Reviewed by Darin.

        First pass at fixing implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        - Add 'f' suffix where necessary.

        * bridge/mac/WebCoreAXObject.mm:
        (-[WebCoreAXObject accessibilityAttributeValue:forParameter:]):
        * css/csshelper.h:
        * css/cssstyleselector.cpp:
        (WebCore::):
        (WebCore::CSSStyleSelector::largerFontSize):
        (WebCore::CSSStyleSelector::smallerFontSize):
        * html/CanvasGradient.cpp:
        (WebCore::CanvasGradient::addColorStop):
        * html/CanvasPattern.cpp:
        (WebCore::CanvasPattern::createPattern):
        * ksvg2/css/SVGCSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::applySVGProperty):
        * ksvg2/css/SVGRenderStyle.h:
        * ksvg2/events/SVGZoomEvent.cpp:
        (WebCore::SVGZoomEvent::SVGZoomEvent):
        * ksvg2/svg/SVGLength.cpp:
        (WebCore::SVGLength::SVGLength):
        (WebCore::SVGLength::value):
        (WebCore::SVGLength::setValue):
        (WebCore::SVGLength::valueAsPercentage):
        (WebCore::SVGLength::PercentageOfViewport):
        * ksvg2/svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::pixelUnitToMillimeterX):
        (WebCore::SVGSVGElement::pixelUnitToMillimeterY):
        (WebCore::SVGSVGElement::getScreenCTM):
        * ksvg2/svg/SVGTextContentElement.cpp:
        (WebCore::SVGTextContentElement::getComputedTextLength):
        (WebCore::SVGTextContentElement::getSubStringLength):
        (WebCore::SVGTextContentElement::getRotationOfChar):
        * ksvg2/svg/SVGTransformDistance.cpp:
        (WebCore::SVGTransformDistance::SVGTransformDistance):
        (WebCore::SVGTransformDistance::distance):
        * page/InspectorController.cpp:
        (WebCore::InspectorResource::InspectorResource):
        * platform/graphics/FloatPoint3D.cpp:
        (WebCore::FloatPoint3D::normalize):
        * platform/graphics/Path.cpp:
        (WebCore::pathLengthApplierFunction):
        (WebCore::Path::createRoundedRectangle):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::drawLine):
        (WebCore::GraphicsContext::strokeArc):
        * platform/graphics/cg/ImageCG.cpp:
        (WebCore::FrameData::clear):
        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::frameDurationAtIndex):
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::setCurrentPage):
        * platform/graphics/svg/SVGPaintServerPattern.cpp:
        (WebCore::SVGPaintServerPattern::externalRepresentation):
        * platform/graphics/svg/SVGPaintServerRadialGradient.cpp:
        (WebCore::SVGPaintServerRadialGradient::SVGPaintServerRadialGradient):
        * platform/graphics/svg/cg/SVGPaintServerGradientCg.cpp:
        (WebCore::cgGradientCallback):
        (WebCore::CGShadingRefForRadialGradient):
        (WebCore::SVGPaintServerGradient::updateQuartzGradientStopsCache):
        * platform/mac/FontDataMac.mm:
        (WebCore::webFallbackFontFamily):
        * platform/mac/PopupMenuMac.mm:
        (WebCore::PopupMenu::show):
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::placeBoxesHorizontally):
        * rendering/RenderSlider.cpp:
        (WebCore::RenderSlider::setValueForPosition):
        (WebCore::RenderSlider::setPositionFromValue):


------------------------------------------------------------------------
r23694 | staikos | 2007-06-21 01:42:00 -0400 (Thu, 21 Jun 2007) | 2 lines | MO: no-merge, irrelevant

More missing files for building with Qt

------------------------------------------------------------------------
r23689 | staikos | 2007-06-21 00:43:41 -0400 (Thu, 21 Jun 2007) | 2 lines | MO: no-merge, irrelevant

One last build fix - now it runs again

------------------------------------------------------------------------
r23688 | staikos | 2007-06-21 00:31:39 -0400 (Thu, 21 Jun 2007) | 2 lines | MO: no-merge, irrelevant

Repair the Qt build

------------------------------------------------------------------------
r23675 | bdash | 2007-06-20 20:00:12 -0400 (Wed, 20 Jun 2007) | 21 lines | MO: merge, bugfix

2007-06-20  Mark Rowe  <[email protected]>

        Reviewed by Mitz.

        Fix http://bugs.webkit.org/show_bug.cgi?id=14244
        Bug 14244: Data corruption when using a replace() callback function with data containing "$"

        * kjs/string_object.cpp:
        (KJS::replace):  When 'replacement' is a function, do not replace $n placeholders in its return value.
        This matches the behaviour described in ECMA 262 3rd Ed section 15.5.4.1, and as implemented in Firefox.

2007-06-20  Mark Rowe  <[email protected]>

        Reviewed by Mitz.

        Test for http://bugs.webkit.org/show_bug.cgi?id=14244
        Bug 14244: Data corruption when using a replace() callback function with data containing "$"

        * fast/js/resources/string-replace-2.js: Update to test with 'replaceValue' being a function returning strings with "$n" placeholders.
        * fast/js/string-replace-2-expected.txt:

------------------------------------------------------------------------
r23521 | darin | 2007-06-14 00:58:04 -0400 (Thu, 14 Jun 2007) | 31 lines | MO: merge, followup bugfix, though seems OK in KJS

JavaScriptCore:

        Reviewed by Mark Rowe.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14132
          array sort with > 10000 elements sets elements > 10000 undefined

        Test: fast/js/sort-large-array.html

        * kjs/array_instance.h: Replaced pushUndefinedObjectsToEnd with
        compactForSorting, and removed ExecState parameters.

        * kjs/array_object.cpp:
        (ArrayInstance::sort): Changed to call compactForSorting.
        (ArrayInstance::compactForSorting): Do the get and delete of the
        properties directly on the property map instead of using public
        calls from JSObject. The public calls would just read the undefined
        values from the compacted sort results array!

LayoutTests:

        Reviewed by Mark Rowe.

        - test for http://bugs.webkit.org/show_bug.cgi?id=14132
          array sort with > 10000 elements sets elements > 10000 undefined

        * fast/js/resources/sort-large-array.js: Added.
        * fast/js/sort-large-array-expected.txt: Added.
        * fast/js/sort-large-array.html: Added.


------------------------------------------------------------------------
r23504 | hausmann | 2007-06-13 11:01:28 -0400 (Wed, 13 Jun 2007) | 2 lines | MO: no-merge, irrelevant

Fix the build: WebKitQt is now called QtWebKit

------------------------------------------------------------------------
r23470 | andersca | 2007-06-12 21:48:11 -0400 (Tue, 12 Jun 2007) | 9 lines | MO: merge, safety fix

        Reviewed by Maciej.

        Have JSCell inherit from Noncopyable.
        
        * bindings/objc/objc_runtime.h:
        * bindings/runtime_object.h:
        * kjs/value.h:


------------------------------------------------------------------------
r21889 | bdash | 2007-05-30 08:19:36 -0400 (Wed, 30 May 2007) | 23 lines | MO: no-merge, from KJS

2007-05-30  Luciano Montanaro  <[email protected]>

        Reviewed by Maciej.

        - cross-port Harri Porten's commits 636099 and 636108 from KJS: 
        "publish a class anyway public already" and "class is being used from
        outside for quite some time" in preparation for further synchronizations

        * kjs/context.h:
        * kjs/date_object.cpp:
        * kjs/date_object.h:
        * kjs/function.h:
        (KJS::):
        (KJS::InternalFunctionImp::classInfo):
        (KJS::InternalFunctionImp::functionName):
        * kjs/function_object.h:
        * kjs/internal.h:
        * kjs/lookup.h:
        (KJS::getStaticPropertySlot):
        (KJS::getStaticFunctionSlot):
        (KJS::getStaticValueSlot):
        * kjs/object_object.h:

------------------------------------------------------------------------
r21867 | weinig | 2007-05-29 19:07:02 -0400 (Tue, 29 May 2007) | 9 lines | MO: not sure

        Reviewed by Adam Roben.

        Cleanup function and fix to match comparison API.

        * kjs/string_object.cpp:
        (KJS::substituteBackreferences):
        (KJS::localeCompare):


------------------------------------------------------------------------
r21824 | darin | 2007-05-27 18:40:20 -0400 (Sun, 27 May 2007) | 7 lines | MO: not sure

        - fix a couple ifdefs that said WIN instead of WIN_OS

        * kjs/collector.cpp:
        (KJS::allocateBlock): WIN -> WIN_OS
        (KJS::freeBlock): Ditto.

------------------------------------------------------------------------
r21790 | darin | 2007-05-25 19:50:00 -0400 (Fri, 25 May 2007) | 27 lines | MO: no merge, fine in KJS, variable-code related

JavaScriptCore:

        Reviewed by Darin.

        - Fix for http://bugs.webkit.org/show_bug.cgi?id=13456
        REGRESSION: setTimeout "arguments" object gets shadowed by a local variable

        - Add an explicit check for arguments. Previously check was done with getDirect,
        but since the arguments is created on-demand in ActivationImp, it doesn't
        show up in the test. 'arguments' should always be in the VarDeclNode's
        evaluation scope.

        * kjs/nodes.cpp:
        (VarDeclNode::evaluate): Additional check if the var decl identifier is 'arguments'

LayoutTests:

        Reviewed by Darin.

        - Test cases for http://bugs.webkit.org/show_bug.cgi?id=13456
          REGRESSION: setTimeout "arguments" object gets shadowed by a local variable

        * fast/js/resources/vardecl-preserve-arguments.js: Added.
        * fast/js/vardecl-preserve-arguments-expected.txt: Added.
        * fast/js/vardecl-preserve-arguments.html: Added.


------------------------------------------------------------------------
r21761 | weinig | 2007-05-25 13:26:32 -0400 (Fri, 25 May 2007) | 29 lines | MO: maybe-merge, needs analysis

JavaScriptCore:

        Reviewed by Darin.

        - http://bugs.webkit.org/show_bug.cgi?id=13623 (Decompilation of function
          doesn't compile with "++(x,y)")
        - Create the error node based on the actual node, not the node inside
          parenthesis
        - Fix applies to postfix, prefix and typeof operators
        - Produces run-time ReferenceError like other non-lvalue assignments etc.

        * kjs/grammar.y: Create {Prefix,Postfix}ErrorNode based on the actual node,
        not based on the node returned by "nodeInsideAllParens()". Same for
        TypeOfValueNode.

LayoutTests:

        Reviewed by Darin.

        - http://bugs.webkit.org/show_bug.cgi?id=13623 (Decompilation of function
          doesn't compile with "++(x,y)")
        - Contains tests for grouping expression that is inside typeof or prefix/postfix
          expression

        * fast/js/resources/toString-prefix-postfix-preserve-parens.js: Added.
        * fast/js/toString-prefix-postfix-preserve-parens-expected.txt: Added.
        * fast/js/toString-prefix-postfix-preserve-parens.html: Added.


------------------------------------------------------------------------
r21736 | weinig | 2007-05-24 19:28:28 -0400 (Thu, 24 May 2007) | 36 lines | MO: no-merge, based on our change

        Reviewed by Darin

        Patch for http://bugs.webkit.org/show_bug.cgi?id=13855
        Port patch 666176 to JavaScriptCore

        - Renamed JSValue::downcast() to JSValue::asCell() which makes the
        function meaning cleaner. It's modeled after Harri Porten's change in 
        KDE trunk.

        * kjs/collector.cpp:
        (KJS::Collector::protect):
        (KJS::Collector::unprotect):
        (KJS::Collector::collectOnMainThreadOnly):
        * kjs/object.h:
        (KJS::JSValue::isObject):
        * kjs/string_object.cpp:
        (KJS::StringProtoFunc::callAsFunction):
        * kjs/value.h:
        (KJS::JSValue::asCell):
        (KJS::JSValue::isNumber):
        (KJS::JSValue::isString):
        (KJS::JSValue::isObject):
        (KJS::JSValue::getNumber):
        (KJS::JSValue::getString):
        (KJS::JSValue::getObject):
        (KJS::JSValue::getUInt32):
        (KJS::JSValue::mark):
        (KJS::JSValue::marked):
        (KJS::JSValue::type):
        (KJS::JSValue::toPrimitive):
        (KJS::JSValue::toBoolean):
        (KJS::JSValue::toNumber):
        (KJS::JSValue::toString):
        (KJS::JSValue::toObject):


------------------------------------------------------------------------
r21557 | bdash | 2007-05-18 04:29:58 -0400 (Fri, 18 May 2007) | 33 lines | MO: no-merge, irrelevant

2007-05-18  Holger Hans Peter Freyther  <[email protected]>

        Reviewed by Mark Rowe.

        No test added as this is hard to time.

        * platform/gdk/FrameGdk.cpp: Use needsLayout() to decide if layout()
        is needed.

        (WebCore::FrameGdk::dumpRenderTree):
        (WebCore::FrameGdk::handleGdkEvent):

2007-05-18  Holger Hans Peter Freyther  <[email protected]>

        Reviewed by Mark Rowe.

        * kjs/testkjs.pro: Make the Gdk port link to icu

2007-05-18  Holger Hans Peter Freyther  <[email protected]>

        Reviewed by Mark Rowe.

        * WebKit.pro: Build testkjs for Gdk and Qt

2007-05-18  Holger Hans Peter Freyther  <[email protected]>

        Reviewed by Mark Rowe.

        * GdkLauncher/main.cpp:
        (main): Call Frame::init to catch up with Maciej's changes.
        * Scripts/run-javascriptcore-tests: Remove --gdk from the command line
        passed to the helper scripts.

------------------------------------------------------------------------
r21473 | bdash | 2007-05-14 21:53:54 -0400 (Mon, 14 May 2007) | 23 lines | MO: no-merge, not broken in KJS

2007-05-14  Kimmo Kinnunen  <[email protected]>

        Reviewed by Darin.

        - Fixes http://bugs.webkit.org/show_bug.cgi?id=13622 (Decompiler
          omits trailing comma in array literal)

         * kjs/nodes2string.cpp:
         (ArrayNode::streamTo): print extra ',' in case there was elision
         commas (check opt member var) and array elements present
         in the array expression

2007-05-14  Kimmo Kinnunen  <[email protected]>

        Reviewed by Darin.

        - Tests for fix to http://bugs.webkit.org/show_bug.cgi?id=13622 (Decompiler omits
          trailing comma in array literal)

        * fast/js/resources/toString-elision-trailing-comma.js: Added.
        * fast/js/toString-elision-trailing-comma-expected.txt: Added.
        * fast/js/toString-elision-trailing-comma.html: Added.

------------------------------------------------------------------------
r21409 | bdash | 2007-05-11 12:45:45 -0400 (Fri, 11 May 2007) | 31 lines | MO: merge, bugfix

2007-05-11  Kimmo Kinnunen  <[email protected]>

        Reviewed by Darin.

        - Fix for bug http://bugs.webkit.org/show_bug.cgi?id=13620
          Bogus decompilation of "for (var j = 1 in [])"
        - ForInNode toString()'ed to syntax error if there was var decl
          and initializer
        - ForNode toString()'ed lost 'var ' if it was present

        * kjs/nodes2string.cpp:
        (VarDeclListNode::streamTo): Print "var " here
        (VarStatementNode::streamTo): Don't print "var " here
        (ForNode::streamTo): Remove TODO comment, VarDeclListNode will
        stream the "var "
        (ForInNode::streamTo): ForIn initializer is printed by VarDeclNode

2007-05-11  Kimmo Kinnunen  <[email protected]>

        Reviewed by Darin.

        - Tests for bug http://bugs.webkit.org/show_bug.cgi?id=13620
          Bogus decompilation of "for (var j = 1 in [])"

        Testcase covers toString()ing functions with
        for-statements of form for (var j = 1 in []) and for (var j=0;j<10;j++)

        * fast/js/resources/toString-for-var-decl.js: Added.
        * fast/js/toString-for-var-decl-expected.txt: Added.
        * fast/js/toString-for-var-decl.html: Added.

------------------------------------------------------------------------
r21406 | bdash | 2007-05-11 12:15:45 -0400 (Fri, 11 May 2007) | 37 lines | MO: merge, bugfix 

2007-05-11  Kimmo Kinnunen  <[email protected]>

        Reviewed by Darin.

        - Fixes http://bugs.webkit.org/show_bug.cgi?id=10878
          (Incorrect decompilation for "4..x")
        - Group numbers in dotted expressions in toString() output, so we
          avoid the 4.x constructs  when the original input is 4..x.
          4..x means the same as 4. .x or (4).x or Number(4).x

        * kjs/nodes2string.cpp:
        (KJS::SourceStream::):
        Add boolean flag to indicate that if next item is a number, it should be grouped.
        Add new formatting enum which turns on the boolean flag.
        (KJS::SourceStream::SourceStream): Added. Initialize the flag.
        (SourceStream::operator<<): Added. New overloaded operator with double value as parameter.
        (NumberNode::streamTo): Use the double operator
        (ArrayNode::streamTo):
        (DotAccessorNode::streamTo):
        (FunctionCallDotNode::streamTo):
        (FunctionCallParenDotNode::streamTo):
        (PostfixDotNode::streamTo):
        (DeleteDotNode::streamTo):
        (PrefixDotNode::streamTo):
        (AssignDotNode::streamTo): Use the new formatting enum to turn on the grouping flag.

2007-05-11  Kimmo Kinnunen  <[email protected]>

        Reviewed by Darin.

        Tests for http://bugs.webkit.org/show_bug.cgi?id=10878
        Bug 10878: Incorrect decompilation for "4..x"

        * fast/js/resources/toString-number-dot-expr.js: Added.
        * fast/js/toString-number-dot-expr-expected.txt: Added.
        * fast/js/toString-number-dot-expr.html: Added.

------------------------------------------------------------------------
r21399 | bdash | 2007-05-11 06:04:17 -0400 (Fri, 11 May 2007) | 1 line  | MO: no-merge, revert

Roll out r21393 due to the JavaScriptCore test failure it introduced.
------------------------------------------------------------------------
r21393 | bdash | 2007-05-11 04:51:49 -0400 (Fri, 11 May 2007) | 21 lines | MO: no-merge, reverted

2007-05-11  Kimmo Kinnunen  <[email protected]>

        Reviewed by Darin.

        - Fixes http://bugs.webkit.org/show_bug.cgi?id=13622 (Decompiler omits trailing
          comma in array literal)

        * kjs/grammar.y: Add the comma that parser consumes in elision
          when the array has trailing commas.

2007-05-11  Kimmo Kinnunen  <[email protected]>

        Reviewed by Darin.

        - Tests for fix to http://bugs.webkit.org/show_bug.cgi?id=13622 (Decompiler omits
          trailing comma in array literal)

        * fast/js/resources/toString-elision-trailing-comma.js: Added.
        * fast/js/toString-elision-trailing-comma-expected.txt: Added.
        * fast/js/toString-elision-trailing-comma.html: Added.

------------------------------------------------------------------------
r21332 | eseidel | 2007-05-09 06:36:25 -0400 (Wed, 09 May 2007) | 10 lines | MO: no-merge, fixed already

2007-05-09  Eric Seidel  <[email protected]>

        Reviewed by mjs.
        
        http://bugs.webkit.org/show_bug.cgi?id=6985
        Cyclic __proto__ values cause WebKit to hang

        * kjs/object.cpp:
        (KJS::JSObject::put): do a cycle check before setting __proto__

------------------------------------------------------------------------
r21320 | eseidel | 2007-05-08 23:11:33 -0400 (Tue, 08 May 2007) | 12 lines | MO: seems like was modified by later do { } while change

2007-05-08  Kimmo Kinnunen  <[email protected]>

        Reviewed by darin.  Landed by eseidel.

        - http://bugs.webkit.org/show_bug.cgi?id=10880 (Do..while loop gains 
        a semicolon each time it is toStringed)
        Grammar in Ecma-66262, 12.6: "do Statement while ( Expression );"
        EmptyStatement was created after every do..while(expr) which
        had semicolon at the end.

        * kjs/grammar.y: Require semicolon at the end of do..while

------------------------------------------------------------------------
r21256 | darin | 2007-05-04 13:14:57 -0400 (Fri, 04 May 2007) | 20 lines | MO: merge, bugfixes

JavaScriptCore:

        Reviewed by Adele.

        - fix <rdar://problem/5007921> Number.toExponential doesn't work for negative numbers

        * kjs/number_object.cpp: (NumberProtoFunc::callAsFunction):
        Added a call to fabs before calling log10.

LayoutTests:

        Reviewed by Adele.

        - test for <rdar://problem/5007921> Number.toExponential doesn't work for negative numbers

        * fast/js/kde/resources/Number.js: Added negative number versions of some tests of
        toFixed, toExponential, toPrecision, etc.
        * fast/js/kde/Number-expected.txt: Updated, new tests all passing.


------------------------------------------------------------------------
r21235 | hausmann | 2007-05-03 18:04:27 -0400 (Thu, 03 May 2007) | 2 lines | MO: no-merge, irrelevant

Gdk build fixes using the Qt build's qmake tool from Holger Freyther, reviewed by Zack.

------------------------------------------------------------------------
r21200 | ap | 2007-05-01 05:03:04 -0400 (Tue, 01 May 2007) | 11 lines | MO: no-merge, irrelevant

2007-05-01  Jungshik Shin  <[email protected]>

        Reviewed by Alexey.

        - get rid of non-ASCII literal characters : suppress compiler warnings
        http://bugs.webkit.org/show_bug.cgi?id=13551
         
        * kjs/testkjs.cpp:
        * pcre/pcre_compile.c:


------------------------------------------------------------------------
r21122 | ddkilzer | 2007-04-26 17:15:26 -0400 (Thu, 26 Apr 2007) | 11 lines | MO: maybe-merge, but irrelevant

2007-04-25  David Kilzer  <[email protected]>

        Reviewed by Maciej.

        Add assertions for debug builds.

        * kjs/JSLock.cpp:
        (KJS::JSLock::lock): Assert the return value of pthread_mutex_lock() in debug builds.
        (KJS::JSLock::unlock): Assert the return value of pthread_mutex_unlock() in debug builds.


------------------------------------------------------------------------
r21080 | mjs | 2007-04-24 22:11:33 -0400 (Tue, 24 Apr 2007) | 100 lines | MO: no-merge, ugly as hell

        Reviewed by Oliver.
        
        - use custom calling convention for everything in nodes.cpp on intel gcc for 1.5% speed boost

        Nearly all functions in nodes.cpp were marked up to use the
        regparm(3) calling convention under GCC for x86, since this is
        faster and they are all guaranteed to be called only internally to
        kjs.
        
        The only exception is destructors, since delete doesn't know how to use a custom calling convention.
        
        * kjs/nodes.cpp:
        (dotExprDoesNotAllowCallsString):
        * kjs/nodes.h:
        (KJS::Node::):
        (KJS::StatementNode::):
        (KJS::NullNode::):
        (KJS::BooleanNode::):
        (KJS::NumberNode::):
        (KJS::StringNode::):
        (KJS::RegExpNode::):
        (KJS::ThisNode::):
        (KJS::ResolveNode::):
        (KJS::GroupNode::):
        (KJS::ElementNode::):
        (KJS::ArrayNode::):
        (KJS::PropertyNameNode::):
        (KJS::PropertyNode::):
        (KJS::PropertyListNode::):
        (KJS::ObjectLiteralNode::):
        (KJS::BracketAccessorNode::):
        (KJS::DotAccessorNode::):
        (KJS::ArgumentListNode::):
        (KJS::ArgumentsNode::):
        (KJS::NewExprNode::):
        (KJS::FunctionCallValueNode::):
        (KJS::FunctionCallResolveNode::):
        (KJS::FunctionCallBracketNode::):
        (KJS::FunctionCallParenBracketNode::):
        (KJS::FunctionCallDotNode::):
        (KJS::FunctionCallParenDotNode::):
        (KJS::PostfixResolveNode::):
        (KJS::PostfixBracketNode::):
        (KJS::PostfixDotNode::):
        (KJS::PostfixErrorNode::):
        (KJS::DeleteResolveNode::):
        (KJS::DeleteBracketNode::):
        (KJS::DeleteDotNode::):
        (KJS::DeleteValueNode::):
        (KJS::VoidNode::):
        (KJS::TypeOfResolveNode::):
        (KJS::TypeOfValueNode::):
        (KJS::PrefixResolveNode::):
        (KJS::PrefixBracketNode::):
        (KJS::PrefixDotNode::):
        (KJS::PrefixErrorNode::):
        (KJS::UnaryPlusNode::):
        (KJS::NegateNode::):
        (KJS::BitwiseNotNode::):
        (KJS::LogicalNotNode::):
        (KJS::MultNode::):
        (KJS::AddNode::):
        (KJS::ShiftNode::):
        (KJS::RelationalNode::):
        (KJS::EqualNode::):
        (KJS::BitOperNode::):
        (KJS::BinaryLogicalNode::):
        (KJS::ConditionalNode::):
        (KJS::AssignResolveNode::):
        (KJS::AssignBracketNode::):
        (KJS::AssignDotNode::):
        (KJS::AssignErrorNode::):
        (KJS::CommaNode::):
        (KJS::AssignExprNode::):
        (KJS::VarDeclListNode::):
        (KJS::VarStatementNode::):
        (KJS::EmptyStatementNode::):
        (KJS::ExprStatementNode::):
        (KJS::IfNode::):
        (KJS::DoWhileNode::):
        (KJS::WhileNode::):
        (KJS::ForNode::):
        (KJS::ContinueNode::):
        (KJS::BreakNode::):
        (KJS::ReturnNode::):
        (KJS::WithNode::):
        (KJS::LabelNode::):
        (KJS::ThrowNode::):
        (KJS::TryNode::):
        (KJS::ParameterNode::):
        (KJS::Parameter::):
        (KJS::FunctionBodyNode::):
        (KJS::FuncExprNode::):
        (KJS::FuncDeclNode::):
        (KJS::SourceElementsNode::):
        (KJS::CaseClauseNode::):
        (KJS::ClauseListNode::):
        (KJS::SwitchNode::):


------------------------------------------------------------------------
r21076 | oliver | 2007-04-24 17:06:14 -0400 (Tue, 24 Apr 2007) | 7 lines | MO: maybe-merge, BC impact 

        GTK Build fix, ::findEntry->KJS::findEntry

        * kjs/lookup.cpp:
        (KJS::Lookup::findEntry):
        (KJS::Lookup::find):


------------------------------------------------------------------------
r21064 | mjs | 2007-04-24 04:44:14 -0400 (Tue, 24 Apr 2007) | 13 lines | MO: no-merge, enable-final ripoff

        Reviewed by Geoff.
        
        - compile most of JavaScriptCore as one file for 4% JS iBench speed improvement 

        * JavaScriptCore.xcodeproj/project.pbxproj: Add AllInOneFile.cpp, and remove files it includes
        from the build.
        * kjs/AllInOneFile.cpp: Added.
        * kjs/dtoa.cpp: Renamed CONST to CONST_ to avoid conflict.
        (Bigint::):
        (Bigint::nrv_alloc):
        * kjs/lookup.cpp: Use "namespace KJS { ... }" instead of "using namespace KJS;" 


------------------------------------------------------------------------
r21050 | mjs | 2007-04-23 18:14:45 -0400 (Mon, 23 Apr 2007) | 5 lines | MO: merge if applicable, follow up

        Build fix, not reviewed.

        * kjs/collector.h: Fix struct/class mismatch.


------------------------------------------------------------------------
r21048 | mjs | 2007-04-23 18:08:40 -0400 (Mon, 23 Apr 2007) | 10 lines | MO: merge if cell size shrinkage is there. I think this was my idea, anyway ;-)

        Reviewed by Darin.

        - raise ALLOCATIONS_PER_COLLECTION to 4000, for 3.7% iBench speed improvement
         
        Now that the cell size is smaller and the block size is bigger, we can fit 4000 objects in
        the two spare cells the collector is willing to keep around, so collect a bit less often.
        
        * kjs/collector.cpp:


------------------------------------------------------------------------
r21047 | mjs | 2007-04-23 17:54:33 -0400 (Mon, 23 Apr 2007) | 36 lines | MO: merge, cell shrinkage but make sure BC works

        Reviewed by Darin and Geoff.
        
        - move mark and collectOnMainThreadOnly bits into separate bitmaps
        
        This saves 4 bytes per cell, allowing shrink of cell size to 32,
        which leads to a .8% speed improvement on iBench.
        
        This is only feasible because of all the previous changes on the branch.

        * kjs/collector.cpp:
        (KJS::allocateBlock): Adjust for some renames of constants. 
        (KJS::Collector::markStackObjectsConservatively): Now that cells are 32 bytes (64 
        bytes on 64-bit) the cell alignment check can be made much more strict, and also
        obsoletes the need for a % sizeof(CollectorCell) check. Also, we can mask off the low
        bits of the pointer to have a potential block pointer to look for.
        (KJS::Collector::collectOnMainThreadOnly): Use bitmap.
        (KJS::Collector::markMainThreadOnlyObjects): Use bitmap.
        (KJS::Collector::collect): When sweeping, use bitmaps directly to find mark bits.
        * kjs/collector.h:
        (KJS::): Move needed constants and type declarations here.
        (KJS::CollectorBitmap::get): Bit twiddling to get a bitmap value.
        (KJS::CollectorBitmap::set): Bit twiddling to set a bitmap bit to true.
        (KJS::CollectorBitmap::clear): Bit twiddling to set a bitmap bit to false.
        (KJS::CollectorBitmap::clearAll): Clear whole bitmap at one go.
        (KJS::Collector::cellBlock): New operation, compute the block pointer for
        a cell by masking off low bits.
        (KJS::Collector::cellOffset): New operation, compute the cell offset for a
        cell by masking off high bits and dividing (actually a shift).
        (KJS::Collector::isCellMarked): Check mark bit in bitmap
        (KJS::Collector::markCell): Set mark bit in bitmap.
        * kjs/value.h:
        (KJS::JSCell::JSCell): No more bits.
        (KJS::JSCell::marked): Let collector handle it.
        (KJS::JSCell::mark): Let collector handle it.
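
The bitmap and pointer-masking scheme that r21047 describes, built on the 64k-aligned blocks of r21017 further down this log, as an added sketch that is not WebKit's or KDE's code: all names, the header layout, the 64-byte cell size and the over-allocate-and-round allocator are assumptions. It shows why a conservative stack scan has to check alignment and block membership before it touches a candidate block's bitmap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_SIZE 65536u  /* 64k blocks at 64k-aligned addresses, as in the log */
#define CELL_SIZE  64u     /* assumed: the 64-bit cell size named in the log */
#define CELLS      (BLOCK_SIZE / CELL_SIZE)
#define BLOCK_MASK ((uintptr_t)BLOCK_SIZE - 1)

/* Hypothetical layout: mark bits live in a per-block bitmap, not in the cells. */
typedef struct block {
    void    *raw;                 /* pointer malloc returned, needed for free() */
    uint32_t marked[CELLS / 32];  /* one mark bit per cell */
} block_t;

/* Cells overlapping the header are never handed out to objects. */
#define FIRST_CELL ((sizeof(block_t) + CELL_SIZE - 1) / CELL_SIZE)

/* Portable stand-in for the platform-specific aligned allocators:
   over-allocate, then round up to the next 64k boundary. */
block_t *block_alloc(void)
{
    void *raw = malloc(2 * (size_t)BLOCK_SIZE);
    if (!raw)
        return NULL;
    block_t *b = (block_t *)(((uintptr_t)raw + BLOCK_MASK) & ~BLOCK_MASK);
    memset(b, 0, BLOCK_SIZE);
    b->raw = raw;
    return b;
}

void block_free(block_t *b) { if (b) free(b->raw); }

void *block_cell(block_t *b, size_t index) { return (char *)b + index * CELL_SIZE; }

/* Block pointer for a cell: mask off the low bits. */
block_t *cell_block(const void *cell)
{
    return (block_t *)((uintptr_t)cell & ~BLOCK_MASK);
}

/* Cell index inside its block: mask off the high bits, then divide. */
size_t cell_offset(const void *cell)
{
    return (size_t)(((uintptr_t)cell & BLOCK_MASK) / CELL_SIZE);
}

bool is_cell_marked(const void *cell)
{
    size_t n = cell_offset(cell);
    return (cell_block(cell)->marked[n >> 5] >> (n & 31)) & 1u;
}

void mark_cell(const void *cell)
{
    size_t n = cell_offset(cell);
    cell_block(cell)->marked[n >> 5] |= 1u << (n & 31);
}

/* A stack word is only treated as a cell if it is cell-aligned, its masked
   block pointer is a block the collector allocated, and it is past the header.
   Membership is checked BEFORE the candidate block is dereferenced. */
bool is_plausible_cell(const void *p, block_t *const *blocks, size_t nblocks)
{
    uintptr_t v = (uintptr_t)p;
    if (v & (CELL_SIZE - 1))
        return false;                       /* not on a cell boundary */
    const block_t *candidate = (const block_t *)(v & ~BLOCK_MASK);
    bool known = false;
    for (size_t i = 0; i < nblocks; i++)
        if (blocks[i] == candidate)
            known = true;
    return known && cell_offset(p) >= FIRST_CELL;
}

/* Scan a range of machine words; return how many cells were newly marked. */
size_t mark_conservatively(const uintptr_t *words, size_t nwords,
                           block_t *const *blocks, size_t nblocks)
{
    size_t newly_marked = 0;
    for (size_t i = 0; i < nwords; i++) {
        const void *p = (const void *)words[i];
        if (!is_plausible_cell(p, blocks, nblocks) || is_cell_marked(p))
            continue;
        mark_cell(p);
        newly_marked++;
    }
    return newly_marked;
}
```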


------------------------------------------------------------------------
r21034 | andersca | 2007-04-23 10:14:26 -0400 (Mon, 23 Apr 2007) | 6 lines | MO: merge, when relevant

        Build fix.
        
        * kjs/regexp_object.h:
        RegExpObjectImpPrivate is a struct, not a class.


------------------------------------------------------------------------
r21032 | mjs | 2007-04-23 06:28:10 -0400 (Mon, 23 Apr 2007) | 33 lines | MO: double-check

        Reviewed by Darin.
        
        - shrink FunctionImp / DeclaredFunctionImp by 4 bytes, by moving parameter list to function body
        
        I reconciled this with a similar change in KDE kjs by Maks Orlovich <[email protected]>.

        * kjs/function.cpp:
        (KJS::FunctionImp::callAsFunction):
        (KJS::FunctionImp::passInParameters):
        (KJS::FunctionImp::lengthGetter):
        (KJS::FunctionImp::getParameterName):
        * kjs/function.h:
        * kjs/function_object.cpp:
        (FunctionProtoFunc::callAsFunction):
        (FunctionObjectImp::construct):
        * kjs/nodes.cpp:
        (FunctionBodyNode::addParam):
        (FunctionBodyNode::paramString):
        (FuncDeclNode::addParams):
        (FuncDeclNode::processFuncDecl):
        (FuncExprNode::addParams):
        (FuncExprNode::evaluate):
        * kjs/nodes.h:
        (KJS::Parameter::Parameter):
        (KJS::FunctionBodyNode::numParams):
        (KJS::FunctionBodyNode::paramName):
        (KJS::FunctionBodyNode::parameters):
        (KJS::FuncExprNode::FuncExprNode):
        (KJS::FuncDeclNode::FuncDeclNode):
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable 64-bit warnings because
        they handle size_t badly.


------------------------------------------------------------------------
r21031 | mjs | 2007-04-23 05:45:35 -0400 (Mon, 23 Apr 2007) | 21 lines | MO: merge, object size

        Reviewed by Darin.

        - shrink RegexpObjectImp by 4 bytes
        
        Somewhat inexplicably, this seems to be a .33% speedup on JS iBench.
        
        * kjs/regexp_object.cpp:
        (KJS::RegExpObjectImpPrivate::RegExpObjectImpPrivate):
        (RegExpObjectImp::RegExpObjectImp):
        (RegExpObjectImp::performMatch):
        (RegExpObjectImp::arrayOfMatches):
        (RegExpObjectImp::getBackref):
        (RegExpObjectImp::getLastMatch):
        (RegExpObjectImp::getLastParen):
        (RegExpObjectImp::getLeftContext):
        (RegExpObjectImp::getRightContext):
        (RegExpObjectImp::getValueProperty):
        (RegExpObjectImp::putValueProperty):
        * kjs/regexp_object.h:


------------------------------------------------------------------------
r21030 | mjs | 2007-04-23 05:27:39 -0400 (Mon, 23 Apr 2007) | 9 lines | MO: merge, followup

        Reviewed by Oliver.
        
        - change to 1-bit bitfields instead of 8-bit, this turns out to lead to a .51% speedup on JS iBench
        
        The 1-bit bitfields are actually faster than just plain bools, at least on Intel (go figure).

        * kjs/property_map.h:


------------------------------------------------------------------------
r21029 | mjs | 2007-04-23 04:53:41 -0400 (Mon, 23 Apr 2007) | 19 lines | MO: merge, object-size shrinkage

        Reviewed by Darin.
       
        - shrink ArrayInstance objects by 4 bytes
        http://bugs.webkit.org/show_bug.cgi?id=13386
        
        I did this by storing the capacity before the beginning of the storage array. It turns out
        it is rarely needed and is by definition 0 when the storage array is null.
 
        * kjs/array_instance.h:
        (KJS::ArrayInstance::capacity): Get it from the secret stash
        * kjs/array_object.cpp:
        (allocateStorage): New function to encapsulate allocating the storage with extra space ahead
        for the capacity.
        (reallocateStorage): ditto for realloc
        (ArrayInstance::ArrayInstance):
        (ArrayInstance::~ArrayInstance):
        (ArrayInstance::resizeStorage):


------------------------------------------------------------------------
r21027 | darin | 2007-04-23 04:38:46 -0400 (Mon, 23 Apr 2007) | 54 lines | MO: maybe-merge, appears to work w/ KJS+ affected heavily by reference, but may be an optimization

JavaScriptCore:

        Reviewed by Maciej.

        - fix <rdar://problem/4840688> REGRESSION (r10588, r10621): JavaScript won't parse
          modifications of non-references (breaks 300themovie.warnerbros.com, fedex.com)

        Despite the ECMAScript specification's claim that you can treat these as syntax
        errors, doing so creates some website incompatibilities. So this patch turns them back
        into evaluation errors instead.

        Test: fast/js/modify-non-references.html

        * kjs/grammar.y: Change makeAssignNode, makePrefixNode, and makePostfixNode so that they
        never fail to parse. Update rules that use them. Fix a little bit of indenting. Use
        new PostfixErrorNode, PrefixErrorNode, and AssignErrorNode classes.

        * kjs/nodes.h: Added an overload of throwError that takes a char* argument.
        Replaced setExceptionDetailsIfNeeded and debugExceptionIfNeeded with handleException,
        which does both. Added PostfixErrorNode, PrefixErrorNode, and AssignErrorNode classes.

        * kjs/nodes.cpp: Changed exception macros to use handleException; simpler and smaller
        code size than the two functions that we used before.
        (Node::throwError): Added the overload mentioned above.
        (Node::handleException): Added. Contains the code from both setExceptionDetailsIfNeeded
        and debugExceptionIfNeeded.
        (PostfixErrorNode::evaluate): Added. Throws an exception.
        (PrefixErrorNode::evaluate): Ditto.
        (AssignErrorNode::evaluate): Ditto.
        (ThrowNode::execute): Call handleException instead of debugExceptionIfNeeded; this
        effectively adds a call to setExceptionDetailsIfNeeded, which may help with getting
        the correct file and line number for these exceptions.

        * kjs/nodes2string.cpp:
        (PostfixErrorNode::streamTo): Added.
        (PrefixErrorNode::streamTo): Added.
        (AssignErrorNode::streamTo): Added.

LayoutTests:

        Reviewed by Maciej.

        - test for <rdar://problem/4840688> REGRESSION (r10588, r10621): JavaScript won't parse
          modifications of non-references (breaks 300themovie.warnerbros.com, fedex.com)

        * fast/js/modify-non-references-expected.txt: Added.
        * fast/js/modify-non-references.html: Added.
        * fast/js/resources/modify-non-references.js: Added.

        * fast/js/assign-expected.txt: Updated for different exception text.
        * fast/js/postfix-syntax-expected.txt: Ditto.
        * fast/js/prefix-syntax-expected.txt: Ditto.


------------------------------------------------------------------------
r21025 | mjs | 2007-04-23 03:54:43 -0400 (Mon, 23 Apr 2007) | 8 lines | MO: merge followup to property map changes

        Reviewed by Darin.
        
        - fix test failures / crashes on PPC

        * kjs/property_map.h: Make the bool fields explicitly 8-bit bitfields, since bool is a full
        word there otherwise :-(


------------------------------------------------------------------------
r21019 | mjs | 2007-04-23 00:16:42 -0400 (Mon, 23 Apr 2007) | 34 lines | MO: merge, Chris's patch

        Reviewed by Darin.
        
        - discard the arguments List for an ActivationImp when the corresponding Context is destroyed (1.7% speedup)
        http://bugs.webkit.org/show_bug.cgi?id=13385

        Based on an idea by Christopher E. Hyde <[email protected]>. His patch to do
        this also had many other List changes and I found this much simpler subset of the changes
        was actually a hair faster.
        
        This optimization is valid because the arguments list is only kept around to
        lazily make the arguments object. If it's not made by the time the function
        exits, it never will be, since any function that captures the continuation will
        have its own local arguments variable in scope.
        
        Besides the 1.7% speed improvement, it shrinks List by 4 bytes
        (which in turn shrinks ActivationImp by 4 bytes).
        
        * kjs/Context.cpp:
        (KJS::Context::~Context): Clear the activation's arguments list.
        * kjs/function.cpp:
        (KJS::ActivationImp::ActivationImp): Adjusted for list changes.
        (KJS::ActivationImp::mark): No need to mark, lists are always protected (this doesn't
        cause a ref-cycle for reasons stated above).
        (KJS::ActivationImp::createArgumentsObject): Clear arguments list.
        * kjs/function.h:
        * kjs/list.cpp:
        (KJS::List::List): No more needsMarking boolean
        (KJS::List::operator=): ditto
        * kjs/list.h:
        (KJS::List::List): ditto
        (KJS::List::reset): ditto
        (KJS::List::deref): ditto


------------------------------------------------------------------------
r21018 | mjs | 2007-04-23 00:10:47 -0400 (Mon, 23 Apr 2007) | 39 lines | MO: merge, but be careful to look at Chris's version

        Reviewed by Darin.
        
        - shrink PropertyMap by 8 bytes and therefore shrink CELL_SIZE to 40 (for 32-bit; 
        similar shrinkage for 64-bit)
        http://bugs.webkit.org/show_bug.cgi?id=13384

        Inspired by similar changes by Christopher E. Hyde <[email protected]>
        done in the kjs-tweaks branch of KDE's kjs. However, this version is somewhat 
        cleaner style-wise and avoids some of the negative speed impact (at least on gcc/x86) 
        of his version.
        
        This is nearly a wash performance-wise, maybe a slight slowdown, but worth doing
        to eventually reach cell size 32.
        
        * kjs/collector.cpp:
        (KJS::):
        * kjs/property_map.cpp:
        (KJS::PropertyMap::~PropertyMap):
        (KJS::PropertyMap::clear):
        (KJS::PropertyMap::get):
        (KJS::PropertyMap::getLocation):
        (KJS::PropertyMap::put):
        (KJS::PropertyMap::insert):
        (KJS::PropertyMap::expand):
        (KJS::PropertyMap::rehash):
        (KJS::PropertyMap::remove):
        (KJS::PropertyMap::mark):
        (KJS::PropertyMap::containsGettersOrSetters):
        (KJS::PropertyMap::getEnumerablePropertyNames):
        (KJS::PropertyMap::getSparseArrayPropertyNames):
        (KJS::PropertyMap::save):
        (KJS::PropertyMap::checkConsistency):
        * kjs/property_map.h:
        (KJS::PropertyMap::hasGetterSetterProperties):
        (KJS::PropertyMap::setHasGetterSetterProperties):
        (KJS::PropertyMap::):
        (KJS::PropertyMap::PropertyMap):


------------------------------------------------------------------------
r21017 | mjs | 2007-04-23 00:01:47 -0400 (Mon, 23 Apr 2007) | 12 lines  | MO: merge, careful to portability

        Reviewed by Darin.
        
        - change blocks to 64k in size, and use various platform-specific calls to allocate at 64k-aligned addresses
        http://bugs.webkit.org/show_bug.cgi?id=13383
        
        * kjs/collector.cpp:
        (KJS::allocateBlock): New function to allocate 64k of 64k-aligned memory
        (KJS::freeBlock): Corresponding free
        (KJS::Collector::allocate):
        (KJS::Collector::collect):


------------------------------------------------------------------------
r21015 | mjs | 2007-04-22 23:28:45 -0400 (Sun, 22 Apr 2007) | 18 lines | MO: NO-MERGE, API sanity

        Reviewed by Darin and Geoff.
        
        - remove the concept of oversize objects, now that there aren't any (for now
        only enforced with an assert).
        http://bugs.webkit.org/show_bug.cgi?id=13382

        This change is a .66% speedup on JS iBench for 32-bit platforms, probably much more
        for 64-bit since it finally gives a reasonable cell size, but I did not test that.
        
        * kjs/collector.cpp:
        (KJS::): Use different cell size for 32-bit and 64-bit, now that there is no
        oversize allocation.
        (KJS::Collector::allocate): Remove oversize allocator.
        (KJS::Collector::markStackObjectsConservatively): Don't check oversize objects.
        (KJS::Collector::markMainThreadOnlyObjects): Ditto.
        (KJS::Collector::collect): Ditto.


------------------------------------------------------------------------
r20991 | bdash | 2007-04-21 04:09:45 -0400 (Sat, 21 Apr 2007) | 13 lines | MO: must merge if 20974 is 

2007-04-21  Mitz Pettel  <[email protected]>

        Reviewed by Adam.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13428
          REGRESSION (r20973-r20976): Failing ecma/Array/15.4.4.5-3.js

        - fix http://bugs.webkit.org/show_bug.cgi?id=13429
          REGRESSION (r20973-r20976): Crashing in fast/dom/plugin-attributes-enumeration.html

        * kjs/array_object.cpp:
        (ArrayInstance::sort): Free the old storage, not the new one.

------------------------------------------------------------------------
r20974 | mjs | 2007-04-20 18:20:15 -0400 (Fri, 20 Apr 2007) | 12 lines | MO: maybe merge. optimization with questionable portability

        Reviewed by Darin.
        
        - <rdar://problem/5149915> use mergesort when possible, since it leads to fewer compares (2% JS iBench speedup)

        * kjs/array_object.cpp:
        (ArrayInstance::sort): Use mergesort(3) on platforms that have it, since it tends
        to do fewer compares than qsort; but avoid it on very large arrays since it uses extra
        memory. Also added comments identifying possibly even better sorting algorithms
        for sort by string value and sort by compare function.
        * kjs/config.h:


------------------------------------------------------------------------
r20971 | bdash | 2007-04-20 04:47:42 -0400 (Fri, 20 Apr 2007) | 9 lines | MO: merge

2007-04-20  Mark Rowe  <[email protected]>

        Reviewed by Maciej.

        Fix bogus optimisation in the generic pthread code path.

        * kjs/collector.cpp:
        (KJS::currentThreadStackBase):

------------------------------------------------------------------------
r20970 | bdash | 2007-04-20 03:50:14 -0400 (Fri, 20 Apr 2007) | 10 lines | MO: maybe-merge, should be right as-is

2007-04-20  Mark Rowe  <[email protected]>

        Reviewed by Anders.

        Improve FreeBSD compatibility, as suggested by Alexander Botero-Lowry.

        * kjs/collector.cpp:
        (KJS::currentThreadStackBase): FreeBSD requires that pthread_attr_t's are
        initialized via pthread_attr_init before being used in any context.

------------------------------------------------------------------------
r20949 | bdash | 2007-04-19 10:02:25 -0400 (Thu, 19 Apr 2007) | 24 lines | MO: merge, bugfix, crasher

2007-04-19  Mark Rowe  <[email protected]>

        Reviewed by Darin.

        Fix http://bugs.webkit.org/show_bug.cgi?id=13401
        Bug 13401: Reproducible crash calling myArray.sort(compareFn) from within
        a sort comparison function

        * kjs/array_object.cpp:
        (ArrayInstance::sort): Save/restore the static variables around calls to qsort
        to ensure nested calls to ArrayInstance::sort behave correctly.

2007-04-19  Mark Rowe  <[email protected]>

        Reviewed by Darin.

        Test for http://bugs.webkit.org/show_bug.cgi?id=13401
        Bug 13401: Reproducible crash calling myArray.sort(compareFn) from within
        a sort comparison function

        * fast/js/array-sort-reentrance-expected.txt: Added.
        * fast/js/array-sort-reentrance.html: Added.
        * fast/js/resources/array-sort-reentrance.js: Added.

------------------------------------------------------------------------
r20836 | ggaren | 2007-04-10 18:40:00 -0400 (Tue, 10 Apr 2007) | 8 lines

        Reviewed by Mark Rowe.
        
        Fixed last check-in to print in release builds, too.

        * kjs/collector.cpp:
        (KJS::getPlatformThreadRegisters):


------------------------------------------------------------------------
r20835 | ggaren | 2007-04-10 18:27:26 -0400 (Tue, 10 Apr 2007) | 17 lines | MO: likely no-merge, platform fuzz

        Reviewed by John Sullivan, Darin Adler.
        
        Fixed <rdar://problem/5121899> JavaScript garbage collection leads to 
        later crash under Rosetta (should abort or leak instead?)
        
        Log an error message and crash if the kernel reports failure during GC.
        We decided to do this instead of just leaking because we don't want people
        to get the mistaken impression that running in Rosetta is a supported
        configuration.
        
        The CRASH macro will also hook into CrashReporter, which will tell us if 
        many (any?) users run into this issue.

        * kjs/collector.cpp:
        (KJS::getPlatformThreadRegisters):


------------------------------------------------------------------------
r20775 | kjk | 2007-04-06 23:02:11 -0400 (Fri, 06 Apr 2007) | 35 lines | MO: merge

Index: JavaScriptCore/ChangeLog
===================================================================
--- JavaScriptCore/ChangeLog	(revision 20709)
+++ JavaScriptCore/ChangeLog	(working copy)
@@ -1,3 +1,14 @@
+2007-04-04  Krzysztof Kowalczyk  <[email protected]>
+
+        Reviewed by darin.
+
+        Coverity fix. Coverity says:
+        "Event var_deref_model: Variable "sourceRanges" tracked as NULL was passed to a
+        function that dereferences it"
+
+        * kjs/string_object.cpp:
+        (KJS::replace):
+
 2007-04-03  Kevin McCullough  <[email protected]>
 
         Reviewed by Adam.
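
Review bot: the new ChangeLog entry quotes the Coverity event but never says what the fix does in KJS::replace. Add one line stating that the splice call is now skipped and an empty result is used when sourceRanges is NULL, so a later reader can tell the behaviour change from the log alone.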
Index: JavaScriptCore/kjs/string_object.cpp
===================================================================
--- JavaScriptCore/kjs/string_object.cpp	(revision 20709)
+++ JavaScriptCore/kjs/string_object.cpp	(working copy)
@@ -387,7 +387,9 @@ static JSValue *replace(ExecState *exec,
     if (lastIndex < source.size())
       pushSourceRange(sourceRanges, sourceRangeCount, sourceRangeCapacity, UString::Range(lastIndex, source.size() - lastIndex));
 
-    UString result = source.spliceSubstringsWithSeparators(sourceRanges, sourceRangeCount, replacements, replacementCount);
+    UString result;
+    if (sourceRanges)
+        result = source.spliceSubstringsWithSeparators(sourceRanges, sourceRangeCount, replacements, replacementCount);
 
     delete [] sourceRanges;
     delete [] replacements;
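
Review bot: the new `if (sourceRanges)` guard silences the NULL dereference but leaves `result` empty whenever no source range was pushed, and it does so without looking at `replacements` or `replacementCount`. If replacements can be non-empty while sourceRanges is still NULL, they are dropped silently here. Either assert that both counts are zero in the skipped branch, or make spliceSubstringsWithSeparators tolerate a NULL range array with a zero count so every caller is covered. A short comment on why an empty result is correct in this case would also help.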

------------------------------------------------------------------------
r20759 | ggaren | 2007-04-06 14:36:26 -0400 (Fri, 06 Apr 2007) | 6 lines | MO: merge, applicable cleanup

        Rubber stamped by Adele Peterson.

        * kjs/ExecState.h: Removed obsolete forward/friend declaration of 
        RuntimeMethodImp.


------------------------------------------------------------------------
r20738 | kjk | 2007-04-05 18:52:38 -0400 (Thu, 05 Apr 2007) | 8 lines | MO: dunno, date stuff

        Reviewed by darin.

        Coverity fix. Coverity says:
        "Event check_after_deref: Pointer "dateString" dereferenced before NULL check"

        * kjs/date_object.cpp:
        (KJS::parseDate):

------------------------------------------------------------------------
r20736 | kjk | 2007-04-05 18:45:24 -0400 (Thu, 05 Apr 2007) | 11 lines | MO: no-merge, irrelevant

        Reviewed by darin.

        Coverity fixes. Coverity says:
        "Event leaked_storage: Returned without freeing storage "buffer""
        and:
        "Event leaked_storage: Returned without freeing storage "script""

        * kjs/testkjs.cpp:
        (doIt):
        (createStringWithContentsOfFile):

------------------------------------------------------------------------
r20733 | kjk | 2007-04-05 18:33:48 -0400 (Thu, 05 Apr 2007) | 9 lines | MO: maybe-merge, but for similarity only

        Reviewed by darin.

        Coverity fix: in single-threaded case currentThreadIsMainThread is always true
        so the code in if (!currentThreadIsMainThread) cannot possibly be reached
        and Coverity complains about dead code.

        * kjs/collector.cpp:
        (KJS::Collector::collect):

------------------------------------------------------------------------
r20569 | dsmith | 2007-03-29 02:20:38 -0400 (Thu, 29 Mar 2007) | 46 lines | MO: merge, bugfixes 

JavaScriptCore:

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=12963
        Fix some inconsistencies in the Mozilla JS Array extras implementations
        with respect to the Mozilla implementation:

          - holes in arrays should be skipped, not treated as undefined,
            by all such methods
          - an element with value undefined is not a hole
          - Array.prototype.forEach should return undefined

        * kjs/array_object.cpp:
        (ArrayInstance::getOwnPropertySlot):
        (ArrayProtoFunc::callAsFunction):

LayoutTests:

        Reviewed by Darin.

         http://bugs.webkit.org/show_bug.cgi?id=12963
         Fix some inconsistencies in the Mozilla JS Array extras implementations
         with respect to the Mozilla implementation:

           - holes in arrays should be skipped, not treated as undefined,
             by all such methods
           - an element with value undefined is not a hole
           - Array.prototype.forEach should return undefined

        * fast/js/array-every-expected.txt:
        * fast/js/array-filter-expected.txt: Added.
        * fast/js/array-filter.html: Added.
        * fast/js/array-foreach-expected.txt:
        * fast/js/array-foreach.html:
        * fast/js/array-indexof-expected.txt:
        * fast/js/array-indexof.html:
        * fast/js/array-lastIndexOf-expected.txt:
        * fast/js/array-map-expected.txt: Added.
        * fast/js/array-map.html: Added.
        * fast/js/array-some-expected.txt:
        * fast/js/array-some.html:
        * fast/js/resources/array-every.js:
        * fast/js/resources/array-lastIndexOf.js:


------------------------------------------------------------------------
r20500 | beidson | 2007-03-26 19:52:40 -0400 (Mon, 26 Mar 2007) | 11 lines | MO: no-merge, irrelevant

        Rubberstamped by Anders and Maciej and Geoff (oh my!)
        
        Since CFTypeRef is really void*, a RetainPtr couldn't be used. 
        RefType was "void", which doesn't actually exist as a type.
        Since RefType only existed for operator*(), and since that operator
        doesn't make any sense for RetainPtr, I removed them!

        * kjs/nodes.cpp: Touch this to force a rebuild and (hopefully) help the
          compiler with dependencies
        * wtf/RetainPtr.h: Nuke RefType and operator*()


------------------------------------------------------------------------
r20361 | zack | 2007-03-21 05:30:26 -0400 (Wed, 21 Mar 2007) | 2 lines | MO: not sure, I don't know what's the best way to handle the collector + threads ultra-mess

Fix the compile when USE(MULTIPLE_THREADS) isn't defined

------------------------------------------------------------------------
r20353 | thatcher | 2007-03-20 20:11:36 -0400 (Tue, 20 Mar 2007) | 1 line | MO: see above

Build fix.
------------------------------------------------------------------------
r20351 | mjs | 2007-03-20 19:57:01 -0400 (Tue, 20 Mar 2007) | 52 lines | MO: see above

        Reviewed by Geoff and Adam.
        
        - make USE(MULTIPLE_THREADS) support more portable
        http://bugs.webkit.org/show_bug.cgi?id=13069
        
        - fixed a threadsafety bug discovered by testing this
        
        - enhanced threadsafety assertions in collector

        * API/JSCallbackObject.cpp:
        (KJS::JSCallbackObject::~JSCallbackObject): This destructor can't
        DropAllLocks around the finalize callback, because it gets called
        from garbage collection and we can't let other threads collect!

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * kjs/JSLock.cpp:
        (KJS::JSLock::currentThreadIsHoldingLock): Added new function
        to allow stronger assertions than just that the lock is held
        by some thread (you can now assert that the current thread is
        holding it, given the new JSLock design).
        * kjs/JSLock.h:
        * kjs/collector.cpp: Refactored for portability plus added some
        stronger assertions.
        (KJS::Collector::allocate):
        (KJS::currentThreadStackBase):
        (KJS::Collector::registerAsMainThread):
        (KJS::onMainThread):
        (KJS::PlatformThread::PlatformThread):
        (KJS::getCurrentPlatformThread):
        (KJS::Collector::Thread::Thread):
        (KJS::destroyRegisteredThread):
        (KJS::Collector::registerThread):
        (KJS::Collector::markCurrentThreadConservatively):
        (KJS::suspendThread):
        (KJS::resumeThread):
        (KJS::getPlatformThreadRegisters):
        (KJS::otherThreadStackPointer):
        (KJS::otherThreadStackBase):
        (KJS::Collector::markOtherThreadConservatively):
        (KJS::Collector::markStackObjectsConservatively):
        (KJS::Collector::protect):
        (KJS::Collector::unprotect):
        (KJS::Collector::collectOnMainThreadOnly):
        (KJS::Collector::markMainThreadOnlyObjects):
        (KJS::Collector::collect):
        * kjs/collector.h:
        * wtf/FastMalloc.cpp:
        (WTF::fastMallocSetIsMultiThreaded):
        * wtf/FastMallocInternal.h:
        * wtf/Platform.h:


------------------------------------------------------------------------
r20330 | darin | 2007-03-19 19:50:43 -0400 (Mon, 19 Mar 2007) | 13 lines | MO: maybe-merge, small/safe optimization

        Reviewed by Geoff.

        - Changed list size threshold to 5 based on testing.

        I was testing the i-Bench JavaScript with the list statistics
        dumping on, and discovered that there were many 5-element lists.
        The fast case for lists was for 4 elements and fewer. By changing
        the threshold to 5 elements we get a measurable speedup. I believe
        this will help real web pages too, not just the benchmark.

        * kjs/list.cpp: Change constant from 4 to 5.


------------------------------------------------------------------------
r20295 | ggaren | 2007-03-18 19:02:39 -0400 (Sun, 18 Mar 2007) | 40 lines | MO: merge after analysis.

JavaScriptCore:

        Reviewed by Oliver Hunt.
        
        Exposed some extra toUInt32 functionality, as part of the fix for
        REGRESSION: Incomplete document.all implementation breaks abtelectronics.com 
        (Style Change Through JavaScript Blanks Content)

        * JavaScriptCore.exp:
        * kjs/identifier.h:
        (KJS::Identifier::toUInt32):

LayoutTests:

        Reviewed by Oliver Hunt.
        
        Layout test for http://bugs.webkit.org/show_bug.cgi?id=13106
        REGRESSION: Incomplete document.all implementation breaks abtelectronics.com 
        (Style Change Through JavaScript Blanks Content)

        * fast/dom/collection-null-like-arguments-expected.txt: Added.
        * fast/dom/collection-null-like-arguments.html: Added.

WebCore:

        Reviewed by Oliver Hunt.
        
        Fixed http://bugs.webkit.org/show_bug.cgi?id=13106
        REGRESSION: Incomplete document.all implementation breaks abtelectronics.com 
        (Style Change Through JavaScript Blanks Content)
        
        When indexing into collections, treat the empty string as an invalid argument,
        instead of the number 0.

        * bindings/js/kjs_html.cpp:
        (KJS::JSHTMLCollection::getOwnPropertySlot):
        (KJS::JSHTMLCollection::callAsFunction):
        (KJS::JSHTMLCollectionPrototypeFunction::callAsFunction):


------------------------------------------------------------------------