
Timeline



Jul 21, 2013:

9:04 PM Changeset in webkit [152959] by fpizlo@apple.com
  • 5 edits
    6 adds in branches/dfgFourthTier/Source

fourthTier: DFG Nodes should be able to abstractly tell you what they read and what they write
https://bugs.webkit.org/show_bug.cgi?id=118910

Source/JavaScriptCore:

Reviewed by Sam Weinig.

Add the notion of AbstractHeap to the DFG. This is analogous to the AbstractHeap in
the FTL, except that the FTL's AbstractHeaps are used during LLVM lowering and are
engineered to obey LLVM TBAA logic. The FTL's AbstractHeaps are also engineered to
be inexpensive to use (they just give you a TBAA node) but expensive to create (you
create them all up front). FTL AbstractHeaps also don't actually give you the
ability to reason about aliasing; they are *just* a mechanism for lowering to TBAA.
The DFG's AbstractHeaps are engineered to be both cheap to create and cheap to use.
They also give you aliasing machinery. The DFG AbstractHeaps are represented
internally by an int64_t. Many comparisons between them are just integer comparisons.
AbstractHeaps form a three-level hierarchy (World is the supertype of everything,
Kind with a TOP payload is a direct subtype of World, and Kind with a non-TOP
payload is the direct subtype of its corresponding TOP Kind).

Add the notion of a ClobberSet. This is the set of AbstractHeaps that you had
clobbered. It represents the set that results from unifying a bunch of
AbstractHeaps, and is intended to quickly answer overlap questions: does the given
AbstractHeap overlap any AbstractHeap in the ClobberSet? To this end, if you add an
AbstractHeap to a set, it "directly" adds the heap itself, and "super" adds all of
its ancestors. An AbstractHeap is said to overlap a set if any direct or super
member is equal to it, or if any of its ancestors are equal to a direct member.

Example #1:

  • I add Variables(5). I.e. Variables is the Kind and 5 is the payload. This is a subtype of Variables, which is a subtype of World.
  • You query Variables. I.e. Variables with a TOP payload, which is the supertype of Variables(X) for any X, and a subtype of World.


The set will have Variables(5) as a direct member, and Variables and World as
super members. The Variables query will immediately return true, because
Variables is indeed a super member.


Example #2:

  • I add Variables(5)
  • You query NamedProperties


NamedProperties is not a member at all (neither direct nor super). We next
query World. World is a member, but it's a super member, so we return false.


Example #3:

  • I add Variables
  • You query Variables(5)


The set will have Variables as a direct member, and World as a super member.
The Variables(5) query will not find Variables(5) in the set, but then it
will query Variables. Variables is a direct member, so we return true.


Example #4:

  • I add Variables
  • You query NamedProperties(5)


Neither NamedProperties nor NamedProperties(5) are members. We next query
World. World is a member, but it's a super member, so we return false.


Overlap queries require that either the heap being queried is in the set (either
direct or super), or that one of its ancestors is a direct member. Another way to
think about how this works is that two heaps A and B are said to overlap if
A.isSubtypeOf(B) or B.isSubtypeOf(A). This is sound since heaps form a
single-inheritance hierarchy. Consider that we wanted to implement a set that holds
heaps and answers the question, "is any member in the set an ancestor (i.e.
supertype) of some other heap". We would have the set contain the heaps themselves,
and we would satisfy the query "A.isSubtypeOfAny(set)" by walking the ancestor
chain of A, and repeatedly querying its membership in the set. This is what the
"direct" members of our set do. Now consider the other part, where we want to ask if
any member of the set is a descendant of a heap, or "A.isSupertypeOfAny(set)". We
would implement this by implementing set.add(B) as adding not just B but also all of
B's ancestors; then we would answer A.isSupertypeOfAny(set) by just checking if A is
in the set. With two such sets - one that answers isSubtypeOfAny() and another that
answers isSupertypeOfAny() - we could answer the "do any of my heaps overlap your
heap" question. ClobberSet does this, but combines the two sets into a single
HashMap. The HashMap's value, "direct", means that the key is a member of both the
supertype set and the subtype set; if it's false then it's only a member of one of
them.

Finally, this adds a functorized clobberize() method that adds the read and write
clobbers of a DFG::Node to read and write functors. Common functors for adding to
ClobberSets, querying overlap, and doing nothing are provided. Convenient wrappers
are also provided. This allows you to say things like:

    ClobberSet set;
    addWrites(graph, node1, set);
    if (readsOverlap(graph, node2, set))
        // We know that node1 may write to something that node2 may read from.


Currently this facility is only used to improve graph dumping, but it will be
instrumental in both LICM and GVN. In the future, I want to completely kill the
NodeClobbersWorld and NodeMightClobber flags, and eradicate CSEPhase's hackish way
of accomplishing almost exactly what AbstractHeap gives you.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGAbstractHeap.cpp: Added.

(DFG):
(JSC::DFG::AbstractHeap::Payload::dump):
(JSC::DFG::AbstractHeap::dump):
(WTF):
(WTF::printInternal):

  • dfg/DFGAbstractHeap.h: Added.

(DFG):
(AbstractHeap):
(Payload):
(JSC::DFG::AbstractHeap::Payload::Payload):
(JSC::DFG::AbstractHeap::Payload::top):
(JSC::DFG::AbstractHeap::Payload::isTop):
(JSC::DFG::AbstractHeap::Payload::value):
(JSC::DFG::AbstractHeap::Payload::valueImpl):
(JSC::DFG::AbstractHeap::Payload::operator==):
(JSC::DFG::AbstractHeap::Payload::operator!=):
(JSC::DFG::AbstractHeap::Payload::operator<):
(JSC::DFG::AbstractHeap::Payload::isDisjoint):
(JSC::DFG::AbstractHeap::Payload::overlaps):
(JSC::DFG::AbstractHeap::AbstractHeap):
(JSC::DFG::AbstractHeap::operator!):
(JSC::DFG::AbstractHeap::kind):
(JSC::DFG::AbstractHeap::payload):
(JSC::DFG::AbstractHeap::isDisjoint):
(JSC::DFG::AbstractHeap::overlaps):
(JSC::DFG::AbstractHeap::supertype):
(JSC::DFG::AbstractHeap::hash):
(JSC::DFG::AbstractHeap::operator==):
(JSC::DFG::AbstractHeap::operator!=):
(JSC::DFG::AbstractHeap::operator<):
(JSC::DFG::AbstractHeap::isHashTableDeletedValue):
(JSC::DFG::AbstractHeap::payloadImpl):
(JSC::DFG::AbstractHeap::encode):
(JSC::DFG::AbstractHeapHash::hash):
(JSC::DFG::AbstractHeapHash::equal):
(AbstractHeapHash):
(WTF):

  • dfg/DFGClobberSet.cpp: Added.

(DFG):
(JSC::DFG::ClobberSet::ClobberSet):
(JSC::DFG::ClobberSet::~ClobberSet):
(JSC::DFG::ClobberSet::add):
(JSC::DFG::ClobberSet::addAll):
(JSC::DFG::ClobberSet::contains):
(JSC::DFG::ClobberSet::overlaps):
(JSC::DFG::ClobberSet::clear):
(JSC::DFG::ClobberSet::direct):
(JSC::DFG::ClobberSet::super):
(JSC::DFG::ClobberSet::dump):
(JSC::DFG::ClobberSet::setOf):
(JSC::DFG::addReads):
(JSC::DFG::addWrites):
(JSC::DFG::addReadsAndWrites):
(JSC::DFG::readsOverlap):
(JSC::DFG::writesOverlap):

  • dfg/DFGClobberSet.h: Added.

(DFG):
(ClobberSet):
(JSC::DFG::ClobberSet::isEmpty):
(ClobberSetAdd):
(JSC::DFG::ClobberSetAdd::ClobberSetAdd):
(JSC::DFG::ClobberSetAdd::operator()):
(ClobberSetOverlaps):
(JSC::DFG::ClobberSetOverlaps::ClobberSetOverlaps):
(JSC::DFG::ClobberSetOverlaps::operator()):
(JSC::DFG::ClobberSetOverlaps::result):

  • dfg/DFGClobberize.cpp: Added.

(DFG):
(JSC::DFG::didWrites):

  • dfg/DFGClobberize.h: Added.

(DFG):
(JSC::DFG::clobberize):
(NoOpClobberize):
(JSC::DFG::NoOpClobberize::NoOpClobberize):
(JSC::DFG::NoOpClobberize::operator()):
(CheckClobberize):
(JSC::DFG::CheckClobberize::CheckClobberize):
(JSC::DFG::CheckClobberize::operator()):
(JSC::DFG::CheckClobberize::result):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):

Source/WTF:

Reviewed by Sam Weinig.

Fix compile goof in sortedListDump().

  • wtf/ListDump.h:

(WTF::sortedListDump):
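
The direct/super membership scheme from changeset [152959] above, as an added C++ example that is not WebKit's code. The `Heap` struct, the `std::map` storage and the helper names are assumptions; it replays the four examples and cross-checks `overlaps()` against the pairwise subtype definition.

```cpp
#include <cstdint>
#include <map>
#include <tuple>
#include <vector>

// Constructed three-level hierarchy: World > Kind (TOP payload) > Kind(payload).
enum class Kind { World, Variables, NamedProperties };

struct Heap {
    Kind kind;
    bool top;         // TOP payload: stands for every payload of this kind
    int64_t payload;  // only meaningful when !top
    static Heap world() { return Heap{Kind::World, true, 0}; }
    static Heap of(Kind k) { return Heap{k, true, 0}; }
    static Heap of(Kind k, int64_t p) { return Heap{k, false, p}; }
    bool isWorld() const { return kind == Kind::World; }
    // Parent in the hierarchy; World is the root and is its own supertype here.
    Heap supertype() const { return top ? world() : of(kind); }

    bool operator==(const Heap& o) const {
        return std::tie(kind, top, payload) == std::tie(o.kind, o.top, o.payload);
    }
    bool operator<(const Heap& o) const {
        return std::tie(kind, top, payload) < std::tie(o.kind, o.top, o.payload);
    }
    // Reflexive subtype test: walk this heap's ancestor chain looking for o.
    bool isSubtypeOf(const Heap& o) const {
        for (Heap h = *this;; h = h.supertype()) {
            if (h == o) return true;
            if (h.isWorld()) return false;
        }
    }
};

// Assumption: std::map stands in for the HashMap the commit message mentions.
// The mapped bool is the "direct" flag; false means super member only.
class ClobberSet {
public:
    void add(Heap h) {
        m_clobbers[h] = true;  // direct member; upgrades an earlier super entry
        while (!h.isWorld()) {
            h = h.supertype();
            m_clobbers.emplace(h, false);  // super member; keeps an existing direct flag
        }
    }
    bool overlaps(Heap h) const {
        if (m_clobbers.count(h)) return true;  // h itself is a direct or super member
        while (!h.isWorld()) {
            h = h.supertype();
            auto it = m_clobbers.find(h);
            if (it != m_clobbers.end() && it->second) return true;  // ancestor is direct
        }
        return false;
    }
    bool isDirect(const Heap& h) const {
        auto it = m_clobbers.find(h);
        return it != m_clobbers.end() && it->second;
    }
private:
    std::map<Heap, bool> m_clobbers;
};

ClobberSet setOf(const std::vector<Heap>& heaps) {
    ClobberSet set;
    for (const Heap& h : heaps) set.add(h);
    return set;
}

// Pairwise definition from the commit message: A and B overlap if either is a subtype of the other.
bool agreesWithPairwiseDefinition(const std::vector<Heap>& added,
                                  const std::vector<Heap>& queries) {
    ClobberSet set = setOf(added);
    for (const Heap& q : queries) {
        bool expected = false;
        for (const Heap& a : added)
            expected = expected || a.isSubtypeOf(q) || q.isSubtypeOf(a);
        if (set.overlaps(q) != expected) return false;
    }
    return true;
}

// Constructed sample heaps used for the cross-check.
std::vector<Heap> universe() {
    return {Heap::world(), Heap::of(Kind::Variables), Heap::of(Kind::Variables, 5),
            Heap::of(Kind::Variables, 6), Heap::of(Kind::NamedProperties),
            Heap::of(Kind::NamedProperties, 5)};
}

int main() {
    const Heap v = Heap::of(Kind::Variables), v5 = Heap::of(Kind::Variables, 5);
    const Heap np = Heap::of(Kind::NamedProperties), np5 = Heap::of(Kind::NamedProperties, 5);
    bool ok = setOf({v5}).overlaps(v)    // Example #1
        && !setOf({v5}).overlaps(np)     // Example #2
        && setOf({v}).overlaps(v5)       // Example #3
        && !setOf({v}).overlaps(np5);    // Example #4
    ok = ok && agreesWithPairwiseDefinition(universe(), universe());
    return ok ? 0 : 1;
}
```

Sibling payloads such as Variables(5) and Variables(6) do not overlap in this model: their shared ancestors are only super members, which is why the "direct" flag is needed.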

8:57 PM Changeset in webkit [152958] by fpizlo@apple.com
  • 4 edits in branches/dfgFourthTier/Source/JavaScriptCore

fourthTier: It should be easy to figure out which blocks nodes belong to
https://bugs.webkit.org/show_bug.cgi?id=118957

Reviewed by Sam Weinig.

  • dfg/DFGGraph.cpp:

(DFG):
(JSC::DFG::Graph::initializeNodeOwners):

  • dfg/DFGGraph.h:

(Graph):

  • dfg/DFGNode.h:

8:36 PM Changeset in webkit [152957] by fpizlo@apple.com
  • 18 edits in branches/dfgFourthTier/Source/JavaScriptCore

fourthTier: NodeExitsForward shouldn't be duplicated in NodeType
https://bugs.webkit.org/show_bug.cgi?id=118956

Reviewed by Sam Weinig.

We had two ways of expressing that something exits forward: the NodeExitsForward
flag and the word 'Forward' in the NodeType. That's kind of dumb. This patch
makes it just be a flag.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::::executeEffects):

  • dfg/DFGArgumentsSimplificationPhase.cpp:

(JSC::DFG::ArgumentsSimplificationPhase::run):

  • dfg/DFGCSEPhase.cpp:

(JSC::DFG::CSEPhase::int32ToDoubleCSE):
(JSC::DFG::CSEPhase::checkStructureElimination):
(JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
(JSC::DFG::CSEPhase::putStructureStoreElimination):
(JSC::DFG::CSEPhase::checkArrayElimination):
(JSC::DFG::CSEPhase::performNodeCSE):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::injectInt32ToDoubleNode):

  • dfg/DFGMinifiedNode.h:

(JSC::DFG::belongsInMinifiedGraph):
(JSC::DFG::MinifiedNode::hasChild):

  • dfg/DFGNode.h:

(JSC::DFG::Node::convertToStructureTransitionWatchpoint):
(JSC::DFG::Node::hasStructureSet):
(JSC::DFG::Node::hasStructure):
(JSC::DFG::Node::hasArrayMode):
(JSC::DFG::Node::willHaveCodeGenOrOSR):

  • dfg/DFGNodeType.h:

(DFG):
(JSC::DFG::needsOSRForwardRewiring):

  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileInt32ToDouble):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGTypeCheckHoistingPhase.cpp:

(JSC::DFG::TypeCheckHoistingPhase::run):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):

  • dfg/DFGVariableEventStream.cpp:

(JSC::DFG::VariableEventStream::reconstruct):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):

8:24 PM Changeset in webkit [152956] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Cleanup InspectorFrontendHostStub.js
https://bugs.webkit.org/show_bug.cgi?id=118959

Patch by Seokju Kwon <Seokju Kwon> on 2013-07-21
Reviewed by Timothy Hatcher.

Remove some functions because we don't use them in the New Inspector.

  • UserInterface/InspectorFrontendHostStub.js:

(.WebInspector.InspectorFrontendHostStub):
(.WebInspector.InspectorFrontendHostStub.prototype.save):

5:13 PM Changeset in webkit [152955] by gyuyoung.kim@samsung.com
  • 7 edits in trunk/Source/WebCore

Introduce toSVGGradientElement(), use it
https://bugs.webkit.org/show_bug.cgi?id=118943

Reviewed by Andreas Kling.

As a step to change static_cast with toSVGXXX, static_cast<SVGGradientElement*> can
be changed with toSVGGradientElement().

No new tests, no behavior change.

  • rendering/svg/RenderSVGGradientStop.cpp:

(WebCore::RenderSVGGradientStop::gradientElement):

  • rendering/svg/RenderSVGResourceGradient.cpp:

(WebCore::RenderSVGResourceGradient::applyResource):

  • rendering/svg/SVGResources.cpp:

(WebCore::targetReferenceFromResource):

  • svg/SVGGradientElement.h:

(WebCore::toSVGGradientElement):

  • svg/SVGLinearGradientElement.cpp:

(WebCore::SVGLinearGradientElement::collectGradientAttributes):

  • svg/SVGRadialGradientElement.cpp:

(WebCore::SVGRadialGradientElement::collectGradientAttributes):

4:42 PM Changeset in webkit [152954] by fpizlo@apple.com
  • 10 edits in branches/dfgFourthTier/Source/JavaScriptCore

fourthTier: It should be possible for a DFG::Node to claim to exit to one CodeOrigin, but then claim that it belongs to a different CodeOrigin for all other purposes
https://bugs.webkit.org/show_bug.cgi?id=118946

Reviewed by Geoffrey Garen.

We want to decouple the exit target code origin of a node from the code origin
for all other purposes. The purposes of code origins are:

  • Where the node will exit, if it exits. The exit target should be consistent with the surrounding nodes, in that if you just looked at the code origins of nodes in the graph, they would be consistent with the code origins in bytecode. This is necessary for live-at-bytecode analyses to work, and to preserve the original bytecode semantics when exiting.


  • What kind of code the node came from, for semantics thingies. For example, we might use the code origin to find the node's global object for doing an original array check. Or we might use it to determine if the code is in strict mode. Or other similar things. When we use the code origin in this way, we're basically using it as a way of describing the node's meta-data without putting it into the node directly, to save space. In the absurd extreme you could imagine nodes not even having NodeTypes or NodeFlags, and just using the CodeOrigin to determine what bytecode the node originated from. We won't do that, but you can think of this use of code origins as just a way of compressing meta-data.


  • What code origin we should supply profiling to, if we exit. This is closely related to the semantics thingies, in that the exit profiling is a persistent kind of semantic meta-data that survives between recompiles, and the only way to do that is to ascribe it to the original bytecode via the code origin.


If we hoist a node, we need to change the exit target code origin, but we must not
change the code origin for other purposes. The best way to do this is to decouple
the two kinds of code origin.

OSR exit data structures already do this, because they may edit the exit target
code origin while keeping the code origin for profiling intact. This happens for
forward exits. So, we just need to thread separation all the way back to DFG::Node.
That's what this patch does.

  • dfg/DFGNode.h:

(JSC::DFG::Node::Node):
(Node):

  • dfg/DFGOSRExit.cpp:

(JSC::DFG::OSRExit::OSRExit):

  • dfg/DFGOSRExitBase.h:

(JSC::DFG::OSRExitBase::OSRExitBase):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):

  • dfg/DFGSpeculativeJIT.h:

(SpeculativeJIT):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(LowerDFGToLLVM):

  • ftl/FTLOSRExit.cpp:

(JSC::FTL::OSRExit::OSRExit):

  • ftl/FTLOSRExit.h:

(OSRExit):

2:44 PM Changeset in webkit [152953] by fpizlo@apple.com
  • 6 edits
    1 add in branches/dfgFourthTier/Source/JavaScriptCore

fourthTier: each DFG node that relies on other nodes to do their type checks should be able to tell you if those type checks happened
https://bugs.webkit.org/show_bug.cgi?id=118866

Reviewed by Sam Weinig.

Adds a safeToExecute() method that takes a node and an abstract state and tells you
if the node will run without crashing under that state.

(JSC::CodeBlock::CodeBlock):

  • dfg/DFGCFAPhase.cpp:

(CFAPhase):
(JSC::DFG::CFAPhase::CFAPhase):
(JSC::DFG::CFAPhase::run):
(JSC::DFG::CFAPhase::performBlockCFA):
(JSC::DFG::CFAPhase::performForwardCFA):

  • dfg/DFGSafeToExecute.h: Added.

(DFG):
(SafeToExecuteEdge):
(JSC::DFG::SafeToExecuteEdge::SafeToExecuteEdge):
(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::SafeToExecuteEdge::result):
(JSC::DFG::safeToExecute):

  • dfg/DFGStructureAbstractValue.h:

(JSC::DFG::StructureAbstractValue::isValidOffset):
(StructureAbstractValue):

  • runtime/Options.h:

(JSC):

2:28 PM Changeset in webkit [152952] by fpizlo@apple.com
  • 9 edits
    3 adds in branches/dfgFourthTier

fourthTier: FTL should be able to generate LLVM IR that uses an intrinsic for OSR exit
https://bugs.webkit.org/show_bug.cgi?id=118948

Source/JavaScriptCore:

Reviewed by Sam Weinig.

  • Add the ability to generate LLVM IR but then not use it, via --llvmAlwaysFails=true. This allows doing "what if" experiments with IR generation, even if the generated IR can't yet execute.


  • Add an OSR exit path that just calls an intrinsic that combines the branch and the off-ramp.

(JSC::DFG::Plan::compileInThreadImpl):

  • ftl/FTLFail.cpp: Added.

(FTL):
(JSC::FTL::fail):

  • ftl/FTLFail.h: Added.

(FTL):

  • ftl/FTLIntrinsicRepository.h:

(FTL):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):

  • runtime/Options.h:

(JSC):

Tools:

Reviewed by Sam Weinig.

  • Make ReducedFTL capable of dealing with code that uses the fake OSR exit intrinsic, by exporting it as a function.


  • Make combineModules.rb idempotent. Sometimes it's convenient to run a file through it even if you know that you've already done so. See processIRDump.sh.


  • Add a script, processIRDump.sh, that takes the output of --dumpLLVMIR=true and runs it through ReducedFTL automatically. You typically want to say something like:


jsc --dumpLLVMIR=true <program(s)> > jsc-output.txt
./processIRDump.sh --timing < jsc-output.txt

  • ReducedFTL/ReducedFTL.c:

(webkit_osr_exit):

  • ReducedFTL/combineModules.rb:
  • ReducedFTL/processIRDump.sh: Added.

12:05 PM Changeset in webkit [152951] by akling@apple.com
  • 4 edits in trunk

KURL creates duplicate strings when completing data: URIs.
<http://webkit.org/b/118952>
<rdar://problem/14504480>

Reviewed by Anders Carlsson.

Source/WebCore:

When checking if the original URL input string can be reused, compare against the part
of the parsing buffer that we would actually return, not the entire buffer.

632 kB progression on <http://www.nytimes.com/>

Test: KURLTest.KURLDataURIStringSharing

  • platform/KURL.cpp:

(WebCore::KURL::parse):

Tools:

  • TestWebKitAPI/Tests/WebCore/KURL.cpp:

(TestWebKitAPI::TEST_F):

11:55 AM Changeset in webkit [152950] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

Java Updater not launched on Lion and Mountain Lion
https://bugs.webkit.org/show_bug.cgi?id=118953
<rdar://problem/14496721>

Reviewed by Sam Weinig.

On Lion and Mountain Lion, -[NSURL isEqual:] will return NO for two file URLs if one of
them has "localhost" specified, even if the paths are otherwise equal. Work around this by
comparing the paths directly.

  • UIProcess/Plugins/mac/PluginProcessProxyMac.mm:

(WebKit::isJavaUpdaterURL):

Jul 20, 2013:

6:45 PM Changeset in webkit [152949] by Brent Fulgham
  • 2 edits
    1 delete in trunk/Source/JavaScriptCore

[Windows] Remove unneeded custom stdint.h now that we build on VS2010.
https://bugs.webkit.org/show_bug.cgi?id=118868.

Reviewed by Anders Carlsson.

  • os-win32/stdint.h: Removed.
  • GNUmakefile.list.am: Removed reference to os-win32/stdint.h

6:02 PM Changeset in webkit [152948] by benjamin@webkit.org
  • 6 edits in trunk/Source/WebCore

Add ASCIILiteral() on strings allocated often enough to appear in my Instruments
https://bugs.webkit.org/show_bug.cgi?id=118937

Reviewed by Alexey Proskuryakov.

  • html/BaseCheckableInputType.cpp:

(WebCore::BaseCheckableInputType::saveFormControlState):
(WebCore::BaseCheckableInputType::fallbackValue):

  • html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::updatePlaceholderVisibility):

  • inspector/InspectorApplicationCacheAgent.cpp:

(WebCore::InspectorApplicationCacheAgent::InspectorApplicationCacheAgent):

  • loader/cache/CachedScript.cpp:

(WebCore::CachedScript::CachedScript):

  • platform/network/ResourceRequestBase.h:

(WebCore::ResourceRequestBase::ResourceRequestBase):

5:31 PM Changeset in webkit [152947] by fpizlo@apple.com
  • 2 edits in branches/dfgFourthTier/Tools

fourthTier: We should use the no-asserts build of LLVM if that's what the user configured
https://bugs.webkit.org/show_bug.cgi?id=118947

Reviewed by Dan Bernstein.

  • Scripts/copy-webkitlibraries-to-product-directory:

3:23 PM Changeset in webkit [152946] by dino@apple.com
  • 43 edits
    1 move
    3 adds
    77 deletes in trunk/Source

Updated ANGLE is leaking like a sieve
https://bugs.webkit.org/show_bug.cgi?id=118939

Rollout 152863, r152821, r152929 and r152755.

Source/ThirdParty/ANGLE:

  • ANGLE.plist:
  • ANGLE.xcodeproj/project.pbxproj:
  • DerivedSources.make: Removed.
  • GNUmakefile.am:
  • Target.pri:
  • include/GLSLANG/ShaderLang.h:
  • src/compiler/BaseTypes.h:

(getQualifierString):

  • src/compiler/Common.h:

(EncodeSourceLoc):
(DecodeSourceLoc):

  • src/compiler/Compiler.cpp:

(TCompiler::TCompiler):
(TCompiler::Init):
(TCompiler::compile):
(TCompiler::detectRecursion):

  • src/compiler/ConstantUnion.h:

(ConstantUnion::ConstantUnion):

  • src/compiler/DetectCallDepth.cpp: Removed.
  • src/compiler/DetectRecursion.cpp: Added.

(DetectRecursion::FunctionNode::FunctionNode):
(DetectRecursion::FunctionNode::getName):
(DetectRecursion::FunctionNode::addCallee):
(DetectRecursion::FunctionNode::detectRecursion):
(DetectRecursion::DetectRecursion):
(DetectRecursion::~DetectRecursion):
(DetectRecursion::visitAggregate):
(DetectRecursion::detectRecursion):
(DetectRecursion::findFunctionByName):

  • src/compiler/DetectRecursion.h: Renamed from Source/ThirdParty/ANGLE/src/compiler/DetectCallDepth.h.
  • src/compiler/Diagnostics.cpp:

(TDiagnostics::writeInfo):

  • src/compiler/ForLoopUnroll.cpp:

(ForLoopUnroll::evaluateIntConstant):

  • src/compiler/InfoSink.cpp:

(TInfoSinkBase::prefix):
(TInfoSinkBase::location):
(TInfoSinkBase::message):

  • src/compiler/InfoSink.h:
  • src/compiler/Initialize.cpp:

(BuiltInFunctionsCommon):
(BuiltInFunctionsVertex):
(TBuiltIns::initialize):
(IdentifyBuiltIns):
(InitExtensionBehavior):

  • src/compiler/Intermediate.cpp:

(TIntermediate::addSymbol):
(TIntermediate::addBinaryMath):
(TIntermediate::addAssign):
(TIntermediate::addIndex):
(TIntermediate::addUnaryMath):
(TIntermediate::setAggregateOperator):
(TIntermediate::addConversion):
(TIntermediate::growAggregate):
(TIntermediate::makeAggregate):
(TIntermediate::addSelection):
(TIntermediate::addComma):
(TIntermediate::addConstantUnion):
(TIntermediate::addSwizzle):
(TIntermediate::addLoop):
(TIntermediate::addBranch):
(TIntermUnary::promote):
(TIntermBinary::promote):
(CompareStruct):
(CompareStructure):
(TIntermConstantUnion::fold):
(TIntermediate::promoteConstantUnion):

  • src/compiler/OutputGLSL.cpp:

(TOutputGLSL::writeVariablePrecision):

  • src/compiler/OutputGLSL.h:
  • src/compiler/OutputGLSLBase.cpp:

(TOutputGLSLBase::writeVariableType):
(TOutputGLSLBase::writeConstantUnion):
(TOutputGLSLBase::visitBinary):
(TOutputGLSLBase::visitAggregate):
(TOutputGLSLBase::getTypeName):
(TOutputGLSLBase::hashFunctionName):

  • src/compiler/OutputGLSLBase.h:
  • src/compiler/OutputHLSL.cpp:

(sh::OutputHLSL::OutputHLSL):
(sh::OutputHLSL::header):
(sh::OutputHLSL::visitSymbol):
(sh::OutputHLSL::visitBinary):
(sh::OutputHLSL::visitAggregate):
(sh::OutputHLSL::visitSelection):
(sh::OutputHLSL::visitLoop):
(sh::OutputHLSL::handleExcessiveLoop):
(sh::OutputHLSL::typeString):
(sh::OutputHLSL::initializer):
(sh::OutputHLSL::addConstructor):
(sh::OutputHLSL::writeConstantUnion):
(sh::OutputHLSL::decorateField):

  • src/compiler/OutputHLSL.h:
  • src/compiler/ParseHelper.cpp:

(TParseContext::parseVectorFields):
(TParseContext::parseMatrixFields):
(TParseContext::error):
(TParseContext::warning):
(TParseContext::assignError):
(TParseContext::unaryOpError):
(TParseContext::binaryOpError):
(TParseContext::precisionErrorCheck):
(TParseContext::lValueErrorCheck):
(TParseContext::globalErrorCheck):
(TParseContext::reservedErrorCheck):
(TParseContext::constructorErrorCheck):
(TParseContext::voidErrorCheck):
(TParseContext::boolErrorCheck):
(TParseContext::samplerErrorCheck):
(TParseContext::structQualifierErrorCheck):
(TParseContext::parameterSamplerErrorCheck):
(TParseContext::containsSampler):
(TParseContext::arraySizeErrorCheck):
(TParseContext::arrayQualifierErrorCheck):
(TParseContext::arrayTypeErrorCheck):
(TParseContext::arrayErrorCheck):
(TParseContext::arraySetMaxSize):
(TParseContext::nonInitConstErrorCheck):
(TParseContext::nonInitErrorCheck):
(TParseContext::paramErrorCheck):
(TParseContext::extensionErrorCheck):
(TParseContext::handleExtensionDirective):
(TParseContext::handlePragmaDirective):
(TParseContext::findFunction):
(TParseContext::executeInitializer):
(TParseContext::addConstructor):
(TParseContext::constructBuiltIn):
(TParseContext::constructStruct):
(TParseContext::addConstVectorNode):
(TParseContext::addConstMatrixNode):
(TParseContext::addConstArrayNode):
(TParseContext::addConstStruct):
(TParseContext::enterStructDeclaration):
(TParseContext::structNestingErrorCheck):

  • src/compiler/ParseHelper.h:

(TParseContext::TParseContext):
(TParseContext::pragma):

  • src/compiler/PoolAlloc.cpp:

(TPoolAllocator::allocate):

  • src/compiler/ShHandle.h:
  • src/compiler/ShaderLang.cpp:

(ShInitBuiltInResources):

  • src/compiler/SymbolTable.cpp:

(TType::TType):
(TType::buildMangledName):
(TType::getStructSize):
(TType::computeDeepestStructNesting):
(TType::isStructureContainingArrays):
(TSymbolTableLevel::relateToExtension):
(TSymbol::TSymbol):
(TVariable::TVariable):
(TVariable::clone):
(TFunction::TFunction):
(TFunction::clone):
(TSymbolTableLevel::clone):
(TSymbolTable::copyTable):

  • src/compiler/SymbolTable.h:

(TVariable::TVariable):
(TVariable::updateArrayInformationType):
(TVariable::getArrayInformationType):
(TParameter::copyParam):
(TFunction::relateToExtension):
(TFunction::getExtension):

  • src/compiler/Types.h:

(NewPoolTTypeList):
(TType::TType):
(TType::copyType):
(TType::clone):
(TType::getObjectSize):
(TType::getMaxArraySize):
(TType::setMaxArraySize):
(TType::clearArrayness):
(TType::setArrayInformationType):
(TType::getArrayInformationType):
(TType::getStruct):
(TType::setStruct):
(TType::getTypeName):
(TType::setTypeName):
(TType::isField):
(TType::getFieldName):
(TType::setFieldName):
(TType::getMangledName):
(TType::getDeepestStructNesting):
(TPublicType::setBasic):

  • src/compiler/VariableInfo.cpp:

(getUserDefinedVariableInfo):

  • src/compiler/builtin_symbol_table.cpp: Removed.
  • src/compiler/builtin_symbol_table.h: Removed.
  • src/compiler/builtin_symbols.json: Removed.
  • src/compiler/generate_builtin_symbol_table.py: Removed.
  • src/compiler/glslang.l:
  • src/compiler/glslang.y:
  • src/compiler/glslang_lex.cpp:

(yy_get_previous_state):
(yy_try_NUL_trans):
(yy_push_state):
(yy_pop_state):
(yy_top_state):
(string_input):
(check_type):
(reserved_word):
(yyerror):
(glslang_scan):

  • src/compiler/glslang_tab.cpp:
  • src/compiler/glslang_tab.h:
  • src/compiler/intermOut.cpp:

(TOutputTraverser::visitUnary):
(TOutputTraverser::visitAggregate):
(TOutputTraverser::visitConstantUnion):

  • src/compiler/intermediate.h:

(TIntermNode::TIntermNode):
(TIntermNode::getLine):
(TIntermNode::setLine):
(TIntermNode::~TIntermNode):
(TIntermConstantUnion::setUnionArrayPointer):
(TIntermAggregate::TIntermAggregate):
(TIntermAggregate::setEndLine):
(TIntermAggregate::getEndLine):
(TIntermTraverser::TIntermTraverser):
(TIntermTraverser::incrementDepth):

  • src/compiler/localintermediate.h:
  • src/compiler/parseConst.cpp:

(TConstTraverser::visitSymbol):
(TConstTraverser::visitBinary):
(TConstTraverser::visitUnary):
(TConstTraverser::visitAggregate):
(TConstTraverser::visitSelection):
(TConstTraverser::visitConstantUnion):
(TConstTraverser::visitLoop):
(TConstTraverser::visitBranch):
(TIntermediate::parseConstTree):

  • src/compiler/timing/RestrictVertexShaderTiming.cpp:

(RestrictVertexShaderTiming::visitSymbol):

  • src/libEGL/Config.cpp: Removed.
  • src/libEGL/Config.h: Removed.
  • src/libEGL/Display.cpp: Removed.
  • src/libEGL/Display.h: Removed.
  • src/libEGL/README: Added.
  • src/libEGL/ShaderCache.h: Removed.
  • src/libEGL/Surface.cpp: Removed.
  • src/libEGL/Surface.h: Removed.
  • src/libEGL/libEGL.cpp: Removed.
  • src/libEGL/libEGL.def: Removed.
  • src/libEGL/libEGL.rc: Removed.
  • src/libEGL/libEGL.vcxproj: Removed.
  • src/libEGL/libEGL.vcxproj.filters: Removed.
  • src/libEGL/main.cpp: Removed.
  • src/libEGL/main.h: Removed.
  • src/libEGL/resource.h: Removed.
  • src/libGLESv2/BinaryStream.h: Removed.
  • src/libGLESv2/Blit.cpp: Removed.
  • src/libGLESv2/Blit.h: Removed.
  • src/libGLESv2/Buffer.cpp: Removed.
  • src/libGLESv2/Buffer.h: Removed.
  • src/libGLESv2/Context.cpp: Removed.
  • src/libGLESv2/Context.h: Removed.
  • src/libGLESv2/D3DConstantTable.cpp: Removed.
  • src/libGLESv2/D3DConstantTable.h: Removed.
  • src/libGLESv2/Fence.cpp: Removed.
  • src/libGLESv2/Fence.h: Removed.
  • src/libGLESv2/Float16ToFloat32.cpp: Removed.
  • src/libGLESv2/Float16ToFloat32.py: Removed.
  • src/libGLESv2/Framebuffer.cpp: Removed.
  • src/libGLESv2/Framebuffer.h: Removed.
  • src/libGLESv2/HandleAllocator.cpp: Removed.
  • src/libGLESv2/HandleAllocator.h: Removed.
  • src/libGLESv2/IndexDataManager.cpp: Removed.
  • src/libGLESv2/IndexDataManager.h: Removed.
  • src/libGLESv2/Program.cpp: Removed.
  • src/libGLESv2/Program.h: Removed.
  • src/libGLESv2/ProgramBinary.cpp: Removed.
  • src/libGLESv2/ProgramBinary.h: Removed.
  • src/libGLESv2/Query.cpp: Removed.
  • src/libGLESv2/Query.h: Removed.
  • src/libGLESv2/README: Added.
  • src/libGLESv2/Renderbuffer.cpp: Removed.
  • src/libGLESv2/Renderbuffer.h: Removed.
  • src/libGLESv2/ResourceManager.cpp: Removed.
  • src/libGLESv2/ResourceManager.h: Removed.
  • src/libGLESv2/Shader.cpp: Removed.
  • src/libGLESv2/Shader.h: Removed.
  • src/libGLESv2/Texture.cpp: Removed.
  • src/libGLESv2/Texture.h: Removed.
  • src/libGLESv2/TextureSSE2.cpp: Removed.
  • src/libGLESv2/VertexDataManager.cpp: Removed.
  • src/libGLESv2/VertexDataManager.h: Removed.
  • src/libGLESv2/libGLESv2.cpp: Removed.
  • src/libGLESv2/libGLESv2.def: Removed.
  • src/libGLESv2/libGLESv2.rc: Removed.
  • src/libGLESv2/libGLESv2.vcxproj: Removed.
  • src/libGLESv2/libGLESv2.vcxproj.filters: Removed.
  • src/libGLESv2/main.cpp: Removed.
  • src/libGLESv2/main.h: Removed.
  • src/libGLESv2/mathutil.h: Removed.
  • src/libGLESv2/resource.h: Removed.
  • src/libGLESv2/shaders/Blit.ps: Removed.
  • src/libGLESv2/shaders/Blit.vs: Removed.
  • src/libGLESv2/shaders/componentmaskps.h: Removed.
  • src/libGLESv2/shaders/flipyvs.h: Removed.
  • src/libGLESv2/shaders/generate_shaders.bat: Removed.
  • src/libGLESv2/shaders/luminanceps.h: Removed.
  • src/libGLESv2/shaders/passthroughps.h: Removed.
  • src/libGLESv2/shaders/standardvs.h: Removed.
  • src/libGLESv2/utilities.cpp: Removed.
  • src/libGLESv2/utilities.h: Removed.
  • src/libGLESv2/vertexconversion.h: Removed.

Source/WebCore:

  • CMakeLists.txt:

11:39 AM Changeset in webkit [152945] by fpizlo@apple.com
  • 4 edits
    1 add in branches/dfgFourthTier/Source/JavaScriptCore

fourthTier: StringObjectUse uses structures, and CSE should know that
https://bugs.webkit.org/show_bug.cgi?id=118940

Reviewed by Geoffrey Garen.

This is asymptomatic right now, but we should fix it.

(JSC::DFG::CSEPhase::putStructureStoreElimination):

  • dfg/DFGEdgeUsesStructure.h: Added.

(DFG):
(EdgeUsesStructure):
(JSC::DFG::EdgeUsesStructure::EdgeUsesStructure):
(JSC::DFG::EdgeUsesStructure::operator()):
(JSC::DFG::EdgeUsesStructure::result):
(JSC::DFG::edgesUseStructure):

  • dfg/DFGUseKind.h:

(DFG):
(JSC::DFG::usesStructure):

10:58 AM Changeset in webkit [152944] by fpizlo@apple.com
  • 9 edits
    13 adds in branches/dfgFourthTier

fourthTier: String GetByVal out-of-bounds handling is so wrong
https://bugs.webkit.org/show_bug.cgi?id=118935

Source/JavaScriptCore:

Reviewed by Geoffrey Garen.

Bunch of String GetByVal out-of-bounds fixes:

  • Even if the string proto chain is sane, we need to watch out for negative indices. They may get values or call getters in the prototypes, since proto sanity doesn't check for negative indexed properties, as they are not technically indexed properties.


  • GetByVal String out-of-bounds does in fact clobberWorld(). CSE should be given this information.


  • GetByVal String out-of-bounds does in fact clobberWorld(). CFA should be given this information.


Also fixed some other things:

  • If the DFG is disabled, the testRunner should pretend that we've done a bunch of DFG compiles. That's necessary to prevent the tests from timing out.


  • Disassembler shouldn't try to dump source code since it's not safe in the concurrent JIT.

  • API/JSCTestRunnerUtils.cpp:

(JSC::numberOfDFGCompiles):

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::::executeEffects):

  • dfg/DFGDisassembler.cpp:

(JSC::DFG::Disassembler::dumpHeader):

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::byValIsPure):

  • dfg/DFGSaneStringGetByValSlowPathGenerator.h: Added.

(DFG):
(SaneStringGetByValSlowPathGenerator):
(JSC::DFG::SaneStringGetByValSlowPathGenerator::SaneStringGetByValSlowPathGenerator):
(JSC::DFG::SaneStringGetByValSlowPathGenerator::generateInternal):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileGetByValOnString):

LayoutTests:

Reviewed by Geoffrey Garen.

  • fast/js/dfg-string-out-of-bounds-check-structure-expected.txt: Added.
  • fast/js/dfg-string-out-of-bounds-check-structure.html: Added.
  • fast/js/dfg-string-out-of-bounds-cse-expected.txt: Added.
  • fast/js/dfg-string-out-of-bounds-cse.html: Added.
  • fast/js/dfg-string-out-of-bounds-negative-check-structure-expected.txt: Added.
  • fast/js/dfg-string-out-of-bounds-negative-check-structure.html: Added.
  • fast/js/dfg-string-out-of-bounds-negative-proto-value-expected.txt: Added.
  • fast/js/dfg-string-out-of-bounds-negative-proto-value.html: Added.
  • fast/js/jsc-test-list:
  • fast/js/script-tests/dfg-string-out-of-bounds-check-structure.js: Added.

(foo):

  • fast/js/script-tests/dfg-string-out-of-bounds-cse.js: Added.

(foo):

  • fast/js/script-tests/dfg-string-out-of-bounds-negative-check-structure.js: Added.

(foo):
(while):

  • fast/js/script-tests/dfg-string-out-of-bounds-negative-proto-value.js: Added.

(foo):

12:26 AM Changeset in webkit [152943] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

Pagination: Do not paint the baseBackgroundColor if asked to skipRootBackground.
https://bugs.webkit.org/show_bug.cgi?id=118933

Reviewed by Simon Fraser.

Captions rendered through TextTrackRepresentation are rendered with a background
color when in paginated views. Do not fill the paint area with the
baseBackgroundColor when the paint flags include SkipRootBackground.

  • rendering/RenderView.cpp:

(WebCore::RenderView::paint):

12:02 AM Changeset in webkit [152942] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.0.4

Tagging the WebKitGTK+ 2.0.4 release
