Part 2 for <rdar://problem/8492788>

[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2011-02-01  Sam Weinig  <sam@webkit.org>

        Reviewed by Beth Dakin.

        Part 2 for <rdar://problem/8492788>
        Adopt WKScrollbarPainterController

        Use header detection to define scrollbar painting controller #define.

        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-02-01  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        REGRESSION(77082): GC-related crashes seen: on WebKit2 bot; on GTK 32bit
        bot; loading trac pages; typing in search field
        https://bugs.webkit.org/show_bug.cgi?id=53519
        
        The crashes were all caused by failure to run an object's destructor.

        * runtime/CollectorHeapIterator.h:
        (JSC::ObjectIterator::ObjectIterator): Don't skip forward upon
        construction. The iterator class used to do that when it was designed
        for prior-to-beginning initialization. I forgot to remove this line
        of code when I changed the iterator to normal initialization.
        
        Skipping forward upon construction was causing the heap to skip running
        the destructor for the very first object in a block when destroying the
        block. This usually did not crash, since block destruction is rare and
        most objects have pretty trivial destructors. However, in the rare case
        when the heap would destroy a block whose first object was a global
        object or a DOM node, BOOM.

2011-01-31  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Update JSObject storage for new marking API
        https://bugs.webkit.org/show_bug.cgi?id=53467

        JSObject no longer uses EncodedJSValue for its property storage.
        This produces a stream of mechanical changes to PropertySlot and
        anonymous storage APIs.

        * JavaScriptCore.exp:
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::ArrayPrototype):
        * runtime/BooleanConstructor.cpp:
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanObject.cpp:
        (JSC::BooleanObject::BooleanObject):
        * runtime/BooleanObject.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::DatePrototype):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::getOwnPropertySlot):
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertySlot):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObject):
        * runtime/JSObject.cpp:
        (JSC::JSObject::fillGetterPropertySlot):
        * runtime/JSObject.h:
        (JSC::JSObject::getDirectLocation):
        (JSC::JSObject::offsetForLocation):
        (JSC::JSObject::putAnonymousValue):
        (JSC::JSObject::clearAnonymousValue):
        (JSC::JSObject::getAnonymousValue):
        (JSC::JSObject::putThisToAnonymousValue):
        (JSC::JSObject::locationForOffset):
        (JSC::JSObject::inlineGetOwnPropertySlot):
        * runtime/JSObjectWithGlobalObject.cpp:
        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::JSWrapperObject):
        (JSC::JSWrapperObject::setInternalValue):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/NumberConstructor.cpp:
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::NumberObject::NumberObject):
        (JSC::constructNumber):
        * runtime/NumberObject.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/PropertySlot.h:
        (JSC::PropertySlot::getValue):
        (JSC::PropertySlot::setValue):
        (JSC::PropertySlot::setRegisterSlot):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::setWithoutWriteBarrier):

2011-02-01  Daniel Bates  <dbates@rim.com>

        Reviewed by Antonio Gomes.

        Modify RandomNumberSeed.h to use USE(MERSENNE_TWISTER_19937)
        https://bugs.webkit.org/show_bug.cgi?id=53506

        Currently, use of the Mersenne Twister pseudorandom number generator
        is hardcoded to the Windows CE port. With the passing of bug #53253,
        we can generalize support for this PRNG to all ports that use srand(3)
        and rand(3), including Windows CE.

        * wtf/RandomNumberSeed.h:
        (WTF::initializeRandomNumberGenerator):

2011-02-01  Dave Tapuska  <dtapuska@rim.com>

        Reviewed by Gavin Barraclough.

        MacroAssemblerARM would generate code that did 32bit loads
        on addresses that were not aligned. More specifically it would
        generate a ldr r8,[r1, #7] which isn't valid on ARMv5 and lower.
        The intended instruction really is ldrb r8,[r1, #7]; ensure we
        call load8 instead of load32.

        https://bugs.webkit.org/show_bug.cgi?id=46095

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::set32Test32):
        (JSC::MacroAssemblerARM::set32Test8):

2011-02-01  Darin Fisher  <darin@chromium.org>

        Reviewed by Eric Seidel.

        Fix some Visual Studio compiler warnings.
        https://bugs.webkit.org/show_bug.cgi?id=53476

        * wtf/MathExtras.h:
        (clampToInteger):
        (clampToPositiveInteger):
        * wtf/ThreadingWin.cpp:
        (WTF::absoluteTimeToWaitTimeoutInterval):

2011-01-31  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Bogus callframe during stack unwinding
        https://bugs.webkit.org/show_bug.cgi?id=53454

        Trying to access a callframe's globalData after destroying its
        ScopeChain is not a good thing.  While we could access the
        globalData directly through the (known valid) scopechain we're
        holding on to, it feels fragile.  Instead we push the valid
        ScopeChain onto the callframe again to ensure that the callframe
        itself remains valid.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwindCallFrame):

2011-01-31  Michael Saboff  <msaboff@apple.com>

        Reviewed by Geoffrey Garen.

        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
        https://bugs.webkit.org/show_bug.cgi?id=53271

        Reapplying this change again.
        Changed isValid() to use .get() as a result of change r77151.

        Added new isValid() methods to check if a contained object in
        a WeakGCMap is valid when using an unchecked iterator.

        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::isValid):

2011-01-31  Oliver Hunt  <oliver@apple.com>

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        rolling r77098, r77099, r77100, r77109, and
        r77111 back in, along with a few more Qt fix attempts.

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
        (JSC::JSCallbackObject::setPrivateProperty):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::put):
        (JSC::::staticFunctionGetter):
        * API/JSObjectRef.cpp:
        (JSObjectMakeConstructor):
        (JSObjectSetPrivateProperty):
        * API/JSWeakObjectMapRefInternal.h:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalObject):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::findScopedProperty):
        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::markChildren):
        * debugger/DebuggerActivation.h:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * interpreter/CallFrame.h:
        (JSC::ExecState::exception):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolve):
        (JSC::Interpreter::resolveSkip):
        (JSC::Interpreter::resolveGlobal):
        (JSC::Interpreter::resolveGlobalDynamic):
        (JSC::Interpreter::resolveBaseAndProperty):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::appendSourceToError):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::tryCacheGetByID):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        * runtime/Arguments.cpp:
        (JSC::Arguments::markChildren):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSplice):
        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeSet::grow):
        * runtime/ConservativeSet.h:
        (JSC::ConservativeSet::~ConservativeSet):
        (JSC::ConservativeSet::mark):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::markChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::getter):
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setter):
        (JSC::GetterSetter::setSetter):
        * runtime/GlobalEvalFunction.cpp:
        (JSC::GlobalEvalFunction::GlobalEvalFunction):
        (JSC::GlobalEvalFunction::markChildren):
        * runtime/GlobalEvalFunction.h:
        (JSC::GlobalEvalFunction::cachedGlobalObject):
        * runtime/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::value):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::markChildren):
        (JSC::JSActivation::put):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::put):
        (JSC::JSArray::putSlowCase):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        (JSC::JSArray::unshiftCount):
        (JSC::JSArray::sort):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToRegisters):
        (JSC::JSArray::compactForSorting):
        * runtime/JSArray.h:
        (JSC::JSArray::getIndex):
        (JSC::JSArray::setIndex):
        (JSC::JSArray::uncheckedSetIndex):
        (JSC::JSArray::markChildrenDirect):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSCell.h:
        (JSC::JSCell::MarkStack::append):
        (JSC::JSCell::MarkStack::internalAppend):
        (JSC::JSCell::MarkStack::deprecatedAppend):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::resetPrototype):
        (JSC::JSGlobalObject::markChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
        (JSC::JSGlobalObject::regExpConstructor):
        (JSC::JSGlobalObject::errorConstructor):
        (JSC::JSGlobalObject::evalErrorConstructor):
        (JSC::JSGlobalObject::rangeErrorConstructor):
        (JSC::JSGlobalObject::referenceErrorConstructor):
        (JSC::JSGlobalObject::syntaxErrorConstructor):
        (JSC::JSGlobalObject::typeErrorConstructor):
        (JSC::JSGlobalObject::URIErrorConstructor):
        (JSC::JSGlobalObject::evalFunction):
        (JSC::JSGlobalObject::objectPrototype):
        (JSC::JSGlobalObject::functionPrototype):
        (JSC::JSGlobalObject::arrayPrototype):
        (JSC::JSGlobalObject::booleanPrototype):
        (JSC::JSGlobalObject::stringPrototype):
        (JSC::JSGlobalObject::numberPrototype):
        (JSC::JSGlobalObject::datePrototype):
        (JSC::JSGlobalObject::regExpPrototype):
        (JSC::JSGlobalObject::methodCallDummy):
        (JSC::Structure::prototypeForLookup):
        (JSC::constructArray):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::object):
        (JSC::Stringifier::Holder::objectSlot):
        (JSC::Stringifier::markAggregate):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::callReviver):
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getDirectOffset):
        (JSC::JSObject::putDirectOffset):
        (JSC::JSObject::putUndefinedAtDirectOffset):
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSValue::putDirect):
        (JSC::JSObject::allocatePropertyStorageInline):
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::get):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::markChildren):
        * runtime/JSString.cpp:
        (JSC::StringObject::create):
        * runtime/JSValue.h:
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::markChildren):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::internalValue):
        (JSC::JSWrapperObject::setInternalValue):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::parse):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::lookupPut):
        * runtime/MarkStack.h:
        (JSC::MarkStack::MarkStack):
        (JSC::MarkStack::deprecatedAppendValues):
        (JSC::MarkStack::appendValues):
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::constructNumber):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/Operations.h:
        (JSC::normalizePrototypeChain):
        (JSC::resolveBase):
        * runtime/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setExistingProperty):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::base):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::~ScopeChainNode):
        (JSC::ScopeChainIterator::operator*):
        (JSC::ScopeChainIterator::operator->):
        (JSC::ScopeChain::top):
        * runtime/ScopeChainMark.h:
        (JSC::ScopeChain::markAggregate):
        * runtime/SmallStrings.cpp:
        (JSC::isMarked):
        (JSC::SmallStrings::markChildren):
        * runtime/SmallStrings.h:
        (JSC::SmallStrings::emptyString):
        (JSC::SmallStrings::singleCharacterString):
        (JSC::SmallStrings::singleCharacterStrings):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::flattenDictionaryStructure):
        * runtime/Structure.h:
        (JSC::Structure::storedPrototype):
        (JSC::Structure::storedPrototypeSlot):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::uncheckedGet):
        (JSC::WeakGCMap::uncheckedGetSlot):
        (JSC::::get):
        (JSC::::take):
        (JSC::::set):
        (JSC::::uncheckedRemove):
        * runtime/WriteBarrier.h: Added.
        (JSC::DeprecatedPtr::DeprecatedPtr):
        (JSC::DeprecatedPtr::get):
        (JSC::DeprecatedPtr::operator*):
        (JSC::DeprecatedPtr::operator->):
        (JSC::DeprecatedPtr::slot):
        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
        (JSC::DeprecatedPtr::operator!):
        (JSC::WriteBarrierBase::set):
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):
        (JSC::WriteBarrierBase::clear):
        (JSC::WriteBarrierBase::slot):
        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
        (JSC::WriteBarrierBase::operator!):
        (JSC::WriteBarrier::WriteBarrier):
        (JSC::operator==):

2011-01-31  Dan Winship  <danw@gnome.org>

        Reviewed by Gustavo Noronha Silva.

        wss (websockets ssl) support for gtk via new gio TLS support
        https://bugs.webkit.org/show_bug.cgi?id=50344

        Add a GPollableOutputStream typedef for TLS WebSockets support

        * wtf/gobject/GTypedefs.h:

2011-01-31  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=53352
        Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().

        The FixedVMPoolAllocator currently uses a best fix policy -
        switch to first fit, this is less prone to external fragmentation.

        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::AllocationTableSizeClass::AllocationTableSizeClass):
        (JSC::AllocationTableSizeClass::blockSize):
        (JSC::AllocationTableSizeClass::blockCount):
        (JSC::AllocationTableSizeClass::blockAlignment):
        (JSC::AllocationTableSizeClass::size):
        (JSC::AllocationTableLeaf::AllocationTableLeaf):
        (JSC::AllocationTableLeaf::~AllocationTableLeaf):
        (JSC::AllocationTableLeaf::allocate):
        (JSC::AllocationTableLeaf::free):
        (JSC::AllocationTableLeaf::isEmpty):
        (JSC::AllocationTableLeaf::isFull):
        (JSC::AllocationTableLeaf::size):
        (JSC::AllocationTableLeaf::classForSize):
        (JSC::AllocationTableLeaf::dump):
        (JSC::LazyAllocationTable::LazyAllocationTable):
        (JSC::LazyAllocationTable::~LazyAllocationTable):
        (JSC::LazyAllocationTable::allocate):
        (JSC::LazyAllocationTable::free):
        (JSC::LazyAllocationTable::isEmpty):
        (JSC::LazyAllocationTable::isFull):
        (JSC::LazyAllocationTable::size):
        (JSC::LazyAllocationTable::dump):
        (JSC::LazyAllocationTable::classForSize):
        (JSC::AllocationTableDirectory::AllocationTableDirectory):
        (JSC::AllocationTableDirectory::~AllocationTableDirectory):
        (JSC::AllocationTableDirectory::allocate):
        (JSC::AllocationTableDirectory::free):
        (JSC::AllocationTableDirectory::isEmpty):
        (JSC::AllocationTableDirectory::isFull):
        (JSC::AllocationTableDirectory::size):
        (JSC::AllocationTableDirectory::classForSize):
        (JSC::AllocationTableDirectory::dump):
        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
        (JSC::FixedVMPoolAllocator::alloc):
        (JSC::FixedVMPoolAllocator::free):
        (JSC::FixedVMPoolAllocator::allocated):
        (JSC::FixedVMPoolAllocator::isValid):
        (JSC::FixedVMPoolAllocator::classForSize):
        (JSC::FixedVMPoolAllocator::offsetToPointer):
        (JSC::FixedVMPoolAllocator::pointerToOffset):
        (JSC::ExecutableAllocator::committedByteCount):
        (JSC::ExecutableAllocator::isValid):
        (JSC::ExecutableAllocator::underMemoryPressure):
        (JSC::ExecutablePool::systemAlloc):
        (JSC::ExecutablePool::systemRelease):
        * wtf/PageReservation.h:
        (WTF::PageReservation::PageReservation):
        (WTF::PageReservation::commit):
        (WTF::PageReservation::decommit):
        (WTF::PageReservation::committed):

2011-01-31  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r76969.
        http://trac.webkit.org/changeset/76969
        https://bugs.webkit.org/show_bug.cgi?id=53418

        "It is causing crashes in GTK+ and Leopard bots" (Requested by
        alexg__ on #webkit).

        * runtime/WeakGCMap.h:

2011-01-30  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, rolling out r77098, r77099, r77100, r77109, and
        r77111.
        http://trac.webkit.org/changeset/77098
        http://trac.webkit.org/changeset/77099
        http://trac.webkit.org/changeset/77100
        http://trac.webkit.org/changeset/77109
        http://trac.webkit.org/changeset/77111
        https://bugs.webkit.org/show_bug.cgi?id=53219

        Qt build is broken

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
        (JSC::JSCallbackObject::setPrivateProperty):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::put):
        (JSC::::staticFunctionGetter):
        * API/JSObjectRef.cpp:
        (JSObjectMakeConstructor):
        (JSObjectSetPrivateProperty):
        * API/JSWeakObjectMapRefInternal.h:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalObject):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::findScopedProperty):
        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::markChildren):
        * debugger/DebuggerActivation.h:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * interpreter/CallFrame.h:
        (JSC::ExecState::exception):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolve):
        (JSC::Interpreter::resolveSkip):
        (JSC::Interpreter::resolveGlobal):
        (JSC::Interpreter::resolveGlobalDynamic):
        (JSC::Interpreter::resolveBaseAndProperty):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::appendSourceToError):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::tryCacheGetByID):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        * runtime/Arguments.cpp:
        (JSC::Arguments::markChildren):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSplice):
        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeSet::grow):
        * runtime/ConservativeSet.h:
        (JSC::ConservativeSet::~ConservativeSet):
        (JSC::ConservativeSet::mark):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::markChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::getter):
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setter):
        (JSC::GetterSetter::setSetter):
        * runtime/GlobalEvalFunction.cpp:
        (JSC::GlobalEvalFunction::GlobalEvalFunction):
        (JSC::GlobalEvalFunction::markChildren):
        * runtime/GlobalEvalFunction.h:
        (JSC::GlobalEvalFunction::cachedGlobalObject):
        * runtime/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::value):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::markChildren):
        (JSC::JSActivation::put):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::put):
        (JSC::JSArray::putSlowCase):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        (JSC::JSArray::unshiftCount):
        (JSC::JSArray::sort):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToRegisters):
        (JSC::JSArray::compactForSorting):
        * runtime/JSArray.h:
        (JSC::JSArray::getIndex):
        (JSC::JSArray::setIndex):
        (JSC::JSArray::uncheckedSetIndex):
        (JSC::JSArray::markChildrenDirect):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::toThisObject):
        (JSC::JSCell::MarkStack::append):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::resetPrototype):
        (JSC::JSGlobalObject::markChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
        (JSC::JSGlobalObject::regExpConstructor):
        (JSC::JSGlobalObject::errorConstructor):
        (JSC::JSGlobalObject::evalErrorConstructor):
        (JSC::JSGlobalObject::rangeErrorConstructor):
        (JSC::JSGlobalObject::referenceErrorConstructor):
        (JSC::JSGlobalObject::syntaxErrorConstructor):
        (JSC::JSGlobalObject::typeErrorConstructor):
        (JSC::JSGlobalObject::URIErrorConstructor):
        (JSC::JSGlobalObject::evalFunction):
        (JSC::JSGlobalObject::objectPrototype):
        (JSC::JSGlobalObject::functionPrototype):
        (JSC::JSGlobalObject::arrayPrototype):
        (JSC::JSGlobalObject::booleanPrototype):
        (JSC::JSGlobalObject::stringPrototype):
        (JSC::JSGlobalObject::numberPrototype):
        (JSC::JSGlobalObject::datePrototype):
        (JSC::JSGlobalObject::regExpPrototype):
        (JSC::JSGlobalObject::methodCallDummy):
        (JSC::Structure::prototypeForLookup):
        (JSC::constructArray):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::object):
        (JSC::Stringifier::markAggregate):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::callReviver):
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getDirectOffset):
        (JSC::JSObject::putDirectOffset):
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSValue::putDirect):
        (JSC::JSObject::allocatePropertyStorageInline):
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::get):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::markChildren):
        * runtime/JSString.cpp:
        (JSC::StringObject::create):
        * runtime/JSValue.h:
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::markChildren):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::internalValue):
        (JSC::JSWrapperObject::setInternalValue):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::parse):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::lookupPut):
        * runtime/MarkStack.h:
        (JSC::MarkStack::appendValues):
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::constructNumber):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/Operations.h:
        (JSC::normalizePrototypeChain):
        (JSC::resolveBase):
        * runtime/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setExistingProperty):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::base):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::~ScopeChainNode):
        (JSC::ScopeChainIterator::operator*):
        (JSC::ScopeChainIterator::operator->):
        (JSC::ScopeChain::top):
        * runtime/ScopeChainMark.h:
        (JSC::ScopeChain::markAggregate):
        * runtime/SmallStrings.cpp:
        (JSC::isMarked):
        (JSC::SmallStrings::markChildren):
        * runtime/SmallStrings.h:
        (JSC::SmallStrings::emptyString):
        (JSC::SmallStrings::singleCharacterString):
        (JSC::SmallStrings::singleCharacterStrings):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::flattenDictionaryStructure):
        * runtime/Structure.h:
        (JSC::Structure::storedPrototype):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::uncheckedGet):
        (JSC::WeakGCMap::isValid):
        (JSC::::get):
        (JSC::::take):
        (JSC::::set):
        (JSC::::uncheckedRemove):
        * runtime/WriteBarrier.h: Removed.

2011-01-30  Simon Fraser  <simon.fraser@apple.com>

        Build fix the build fix. I assume Oliver meant m_cell, not m_value.

        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::clear):

2011-01-30  Oliver Hunt  <oliver@apple.com>

        More Qt build fixes

        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::clear):

2011-01-30  Oliver Hunt  <oliver@apple.com>

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        rolling r77006 and r77020 back in.

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
        (JSC::JSCallbackObject::setPrivateProperty):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::put):
        (JSC::::staticFunctionGetter):
        * API/JSObjectRef.cpp:
        (JSObjectMakeConstructor):
        (JSObjectSetPrivateProperty):
        * API/JSWeakObjectMapRefInternal.h:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalObject):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::findScopedProperty):
        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::markChildren):
        * debugger/DebuggerActivation.h:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * interpreter/CallFrame.h:
        (JSC::ExecState::exception):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolve):
        (JSC::Interpreter::resolveSkip):
        (JSC::Interpreter::resolveGlobal):
        (JSC::Interpreter::resolveGlobalDynamic):
        (JSC::Interpreter::resolveBaseAndProperty):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::appendSourceToError):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::tryCacheGetByID):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        * runtime/Arguments.cpp:
        (JSC::Arguments::markChildren):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSplice):
        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeSet::grow):
        * runtime/ConservativeSet.h:
        (JSC::ConservativeSet::~ConservativeSet):
        (JSC::ConservativeSet::mark):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::markChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::getter):
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setter):
        (JSC::GetterSetter::setSetter):
        * runtime/GlobalEvalFunction.cpp:
        (JSC::GlobalEvalFunction::GlobalEvalFunction):
        (JSC::GlobalEvalFunction::markChildren):
        * runtime/GlobalEvalFunction.h:
        (JSC::GlobalEvalFunction::cachedGlobalObject):
        * runtime/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::value):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::markChildren):
        (JSC::JSActivation::put):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::put):
        (JSC::JSArray::putSlowCase):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        (JSC::JSArray::unshiftCount):
        (JSC::JSArray::sort):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToRegisters):
        (JSC::JSArray::compactForSorting):
        * runtime/JSArray.h:
        (JSC::JSArray::getIndex):
        (JSC::JSArray::setIndex):
        (JSC::JSArray::uncheckedSetIndex):
        (JSC::JSArray::markChildrenDirect):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSCell.h:
        (JSC::JSCell::MarkStack::append):
        (JSC::JSCell::MarkStack::internalAppend):
        (JSC::JSCell::MarkStack::deprecatedAppend):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::resetPrototype):
        (JSC::JSGlobalObject::markChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
        (JSC::JSGlobalObject::regExpConstructor):
        (JSC::JSGlobalObject::errorConstructor):
        (JSC::JSGlobalObject::evalErrorConstructor):
        (JSC::JSGlobalObject::rangeErrorConstructor):
        (JSC::JSGlobalObject::referenceErrorConstructor):
        (JSC::JSGlobalObject::syntaxErrorConstructor):
        (JSC::JSGlobalObject::typeErrorConstructor):
        (JSC::JSGlobalObject::URIErrorConstructor):
        (JSC::JSGlobalObject::evalFunction):
        (JSC::JSGlobalObject::objectPrototype):
        (JSC::JSGlobalObject::functionPrototype):
        (JSC::JSGlobalObject::arrayPrototype):
        (JSC::JSGlobalObject::booleanPrototype):
        (JSC::JSGlobalObject::stringPrototype):
        (JSC::JSGlobalObject::numberPrototype):
        (JSC::JSGlobalObject::datePrototype):
        (JSC::JSGlobalObject::regExpPrototype):
        (JSC::JSGlobalObject::methodCallDummy):
        (JSC::Structure::prototypeForLookup):
        (JSC::constructArray):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::object):
        (JSC::Stringifier::Holder::objectSlot):
        (JSC::Stringifier::markAggregate):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::callReviver):
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getDirectOffset):
        (JSC::JSObject::putDirectOffset):
        (JSC::JSObject::putUndefinedAtDirectOffset):
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSValue::putDirect):
        (JSC::JSObject::allocatePropertyStorageInline):
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::get):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::markChildren):
        * runtime/JSString.cpp:
        (JSC::StringObject::create):
        * runtime/JSValue.h:
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::markChildren):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::internalValue):
        (JSC::JSWrapperObject::setInternalValue):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::parse):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::lookupPut):
        * runtime/MarkStack.h:
        (JSC::MarkStack::MarkStack):
        (JSC::MarkStack::deprecatedAppendValues):
        (JSC::MarkStack::appendValues):
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::constructNumber):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/Operations.h:
        (JSC::normalizePrototypeChain):
        (JSC::resolveBase):
        * runtime/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setExistingProperty):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::base):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::~ScopeChainNode):
        (JSC::ScopeChainIterator::operator*):
        (JSC::ScopeChainIterator::operator->):
        (JSC::ScopeChain::top):
        * runtime/ScopeChainMark.h:
        (JSC::ScopeChain::markAggregate):
        * runtime/SmallStrings.cpp:
        (JSC::isMarked):
        (JSC::SmallStrings::markChildren):
        * runtime/SmallStrings.h:
        (JSC::SmallStrings::emptyString):
        (JSC::SmallStrings::singleCharacterString):
        (JSC::SmallStrings::singleCharacterStrings):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::flattenDictionaryStructure):
        * runtime/Structure.h:
        (JSC::Structure::storedPrototype):
        (JSC::Structure::storedPrototypeSlot):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::uncheckedGet):
        (JSC::WeakGCMap::uncheckedGetSlot):
        (JSC::WeakGCMap::isValid):
        (JSC::::get):
        (JSC::::take):
        (JSC::::set):
        (JSC::::uncheckedRemove):
        * runtime/WriteBarrier.h: Added.
        (JSC::DeprecatedPtr::DeprecatedPtr):
        (JSC::DeprecatedPtr::get):
        (JSC::DeprecatedPtr::operator*):
        (JSC::DeprecatedPtr::operator->):
        (JSC::DeprecatedPtr::slot):
        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
        (JSC::DeprecatedPtr::operator!):
        (JSC::WriteBarrierBase::set):
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):
        (JSC::WriteBarrierBase::slot):
        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
        (JSC::WriteBarrierBase::operator!):
        (JSC::WriteBarrier::WriteBarrier):
        (JSC::operator==):

2011-01-30  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Filter all Heap collection through a common reset function, in
        preparation for adding features triggered by collection.
        https://bugs.webkit.org/show_bug.cgi?id=53396
        
        SunSpider reports no change.

        * runtime/Heap.cpp:
        (JSC::Heap::reportExtraMemoryCostSlowCase): When we're over the extraCost
        limit, just call collectAllGarbage() instead of rolling our own special
        way of resetting the heap. In theory, this may be slower in some cases,
        but it also fixes cases of pathological heap growth that we've seen,
        where the only objects being allocated are temporary and huge
        (<rdar://problem/8885843>).

        (JSC::Heap::allocate):
        (JSC::Heap::collectAllGarbage): Use the shared reset function.

        (JSC::Heap::reset):
        * runtime/Heap.h: Carved a new shared reset function out of the old
        collectAllGarbage.

2011-01-30  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77025.
        http://trac.webkit.org/changeset/77025
        https://bugs.webkit.org/show_bug.cgi?id=53401

        It made js1_5/Regress/regress-159334.js fail on 64 bit Linux
        (Requested by Ossy on #webkit).

        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FreeListEntry::FreeListEntry):
        (JSC::AVLTreeAbstractorForFreeList::get_less):
        (JSC::AVLTreeAbstractorForFreeList::set_less):
        (JSC::AVLTreeAbstractorForFreeList::get_greater):
        (JSC::AVLTreeAbstractorForFreeList::set_greater):
        (JSC::AVLTreeAbstractorForFreeList::get_balance_factor):
        (JSC::AVLTreeAbstractorForFreeList::set_balance_factor):
        (JSC::AVLTreeAbstractorForFreeList::null):
        (JSC::AVLTreeAbstractorForFreeList::compare_key_key):
        (JSC::AVLTreeAbstractorForFreeList::compare_key_node):
        (JSC::AVLTreeAbstractorForFreeList::compare_node_node):
        (JSC::reverseSortFreeListEntriesByPointer):
        (JSC::reverseSortCommonSizedAllocations):
        (JSC::FixedVMPoolAllocator::release):
        (JSC::FixedVMPoolAllocator::reuse):
        (JSC::FixedVMPoolAllocator::addToFreeList):
        (JSC::FixedVMPoolAllocator::coalesceFreeSpace):
        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
        (JSC::FixedVMPoolAllocator::alloc):
        (JSC::FixedVMPoolAllocator::free):
        (JSC::FixedVMPoolAllocator::isValid):
        (JSC::FixedVMPoolAllocator::allocInternal):
        (JSC::FixedVMPoolAllocator::isWithinVMPool):
        (JSC::FixedVMPoolAllocator::addToCommittedByteCount):
        (JSC::ExecutableAllocator::committedByteCount):
        (JSC::maybeModifyVMPoolSize):
        (JSC::ExecutableAllocator::isValid):
        (JSC::ExecutableAllocator::underMemoryPressure):
        (JSC::ExecutablePool::systemAlloc):
        (JSC::ExecutablePool::systemRelease):
        * wtf/PageReservation.h:
        (WTF::PageReservation::PageReservation):
        (WTF::PageReservation::commit):
        (WTF::PageReservation::decommit):

2011-01-30  Leo Yang  <leo.yang@torchmobile.com.cn>

        Reviewed by Daniel Bates.

        Code style issue in JavaScriptCore/wtf/CurrentTime.h
        https://bugs.webkit.org/show_bug.cgi?id=53394

        According to rule #3 at http://webkit.org/coding/coding-style.html,
        This patch fix style issue in CurrentTime.h.

        No functionality change, no new tests.

        * wtf/CurrentTime.h:
        (WTF::currentTimeMS):
        (WTF::getLocalTime):

2011-01-30  Benjamin Poulain  <ikipou@gmail.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] JavaScriptCore does not link on Mac if building WebKit 2
        https://bugs.webkit.org/show_bug.cgi?id=53377

        The option "-whole-archive" is not availabe with the libtool of Mac OS X,
        instead, we can use "-all_load" on Mac.

        * JavaScriptCore.pri:

2011-01-29  Geoffrey Garen  <ggaren@apple.com>

        Sorry Leopard bot -- I committed a change by accident.

        * JavaScriptCore.exp: You may have your symbols back now.

2011-01-29  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.

        Simplified Heap iteration
        https://bugs.webkit.org/show_bug.cgi?id=53393

        * runtime/CollectorHeapIterator.h:
        (JSC::CollectorHeapIterator::isValid):
        (JSC::CollectorHeapIterator::isLive):
        (JSC::CollectorHeapIterator::advance): Removed "max" argument to
        advance because it's a constant.
        (JSC::LiveObjectIterator::LiveObjectIterator):
        (JSC::LiveObjectIterator::operator++):
        (JSC::DeadObjectIterator::DeadObjectIterator):
        (JSC::DeadObjectIterator::operator++):
        (JSC::ObjectIterator::ObjectIterator):
        (JSC::ObjectIterator::operator++): Factored out common checks into
        two helper functions -- isValid() for "Am I past the end?" and isLive()
        for "Is the cell I'm pointing to live?".

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::freeBlock):
        (JSC::MarkedSpace::sweep): Always sweep from the beginning of the heap
        to the end, to avoid making sweep subtly reliant on internal Heap state.
        (JSC::MarkedSpace::primaryHeapBegin):
        (JSC::MarkedSpace::primaryHeapEnd): Always be explicit about where
        iteration begins.

2011-01-29  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.

        Simplified heap destruction
        https://bugs.webkit.org/show_bug.cgi?id=53392

        * JavaScriptCore.exp:
        * runtime/Heap.cpp:
        (JSC::Heap::destroy):
        * runtime/Heap.h:
        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::destroy):
        * runtime/MarkedSpace.h: Don't go out of our way to destroy GC-protected
        cells last -- the difficult contortions required to do so just don't seem
        justified. We make no guarantees about GC protection after the client
        throws away JSGlobalData, and it doesn't seem like any meaningful
        guarantee is even possible.

2011-01-29  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Switched heap to use the Bitmap class and removed CollectorBitmap
        https://bugs.webkit.org/show_bug.cgi?id=53391
        
        SunSpider says 1.005x as fast. Seems like a fluke.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::allocate): Updated for rename and returning a value
        rather than taking a value by reference.

        * runtime/MarkedSpace.h: Code reuse is good.

        * wtf/Bitmap.h:
        (WTF::::testAndSet): Added, since this is the one thing Bitmap was missing
        which CollectorBitmap had. (Renamed from the less conventional "getset".)

        (WTF::::nextPossiblyUnset): Renamed and changed to return a value for
        clarity. It's all the same with inlining.

2011-01-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Some more Heap cleanup.
        https://bugs.webkit.org/show_bug.cgi?id=53357
        
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated exported symbols.

        * runtime/Heap.cpp:
        (JSC::Heap::reportExtraMemoryCostSlowCase): Renamed recordExtraCost to 
        reportExtraMemoryCostSlowCase to match our naming conventions.

        (JSC::Heap::capacity): Renamed size to capacity because this function
        returns the capacity of the heap, including unused portions.

        * runtime/Heap.h:
        (JSC::Heap::globalData):
        (JSC::Heap::markedSpace):
        (JSC::Heap::machineStackMarker):
        (JSC::Heap::reportExtraMemoryCost): Moved statics to the top of the file.
        Moved ctor and dtor to the beginning of the class definition. Grouped
        functions by purpose.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::capacity): Renamed size to capacity because this
        function returns the capacity of the heap, including unused portions.

        * runtime/MarkedSpace.h: Removed statistics and the Statistics class because
        the same information can be gotten just by calling size() and capacity().

        * runtime/MemoryStatistics.cpp:
        * runtime/MemoryStatistics.h: Ditto.

2011-01-29  Daniel Bates  <dbates@rim.com>

        Reviewed by Eric Seidel.

        Move wince/mt19937ar.c to ThirdParty and make it a policy choice
        https://bugs.webkit.org/show_bug.cgi?id=53253

        Make inclusion of MT19937 a policy decision.

        Currently, we hardcoded to  use MT19937 when building for
        Windows CE. Instead, we should make this a policy decision
        with the Windows CE port using this by default.

        * JavaScriptCore.pri: Append Source/ThirdParty to the end
        of the list include directories.
        * wtf/CMakeLists.txt: Ditto.
        * wtf/Platform.h: Defined WTF_USE_MERSENNE_TWISTER_19937 when
        building for Windows CE.
        * wtf/RandomNumber.cpp:
        (WTF::randomNumber): Substituted USE(MERSENNE_TWISTER_19937) for OS(WINCE).

2011-01-29  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by David Kilzer.

        Bug 53374 - Remove uses of unsafe string functions in debugging code
        https://bugs.webkit.org/show_bug.cgi?id=53374

        * runtime/RegExp.cpp:
        (JSC::RegExp::printTraceData):

2011-01-29  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        JavaScriptCoreUseJIT environment variable broken
        https://bugs.webkit.org/show_bug.cgi?id=53372

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Check the actual value in the string returned
        by getenv() rather than just doing a NULL check on the return value.

2011-01-29  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by David Kilzer.

        Move CharacterNames.h into WTF directory
        https://bugs.webkit.org/show_bug.cgi?id=49618

        * GNUmakefile.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:
        * wtf/unicode/CharacterNames.h: Renamed from WebCore/platform/text/CharacterNames.h.
        * wtf/unicode/UTF8.cpp:

2011-01-28  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Gavin Barraclough.

        Add various clampToInt() methods to MathExtras.h
        https://bugs.webkit.org/show_bug.cgi?id=52910
        
        Add functions for clamping doubles and floats to valid int
        ranges, for signed and positive integers.

        * wtf/MathExtras.h:
        (clampToInteger):
        (clampToPositiveInteger):

2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77006 and r77020.
        http://trac.webkit.org/changeset/77006
        http://trac.webkit.org/changeset/77020
        https://bugs.webkit.org/show_bug.cgi?id=53360

        "Broke Windows tests" (Requested by rniwa on #webkit).

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
        (JSC::JSCallbackObject::setPrivateProperty):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::put):
        (JSC::::staticFunctionGetter):
        * API/JSObjectRef.cpp:
        (JSObjectMakeConstructor):
        (JSObjectSetPrivateProperty):
        * API/JSWeakObjectMapRefInternal.h:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalObject):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::findScopedProperty):
        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::markChildren):
        * debugger/DebuggerActivation.h:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * interpreter/CallFrame.h:
        (JSC::ExecState::exception):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolve):
        (JSC::Interpreter::resolveSkip):
        (JSC::Interpreter::resolveGlobal):
        (JSC::Interpreter::resolveGlobalDynamic):
        (JSC::Interpreter::resolveBaseAndProperty):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::appendSourceToError):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::tryCacheGetByID):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        * runtime/Arguments.cpp:
        (JSC::Arguments::markChildren):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSplice):
        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeSet::grow):
        * runtime/ConservativeSet.h:
        (JSC::ConservativeSet::~ConservativeSet):
        (JSC::ConservativeSet::mark):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::markChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::getter):
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setter):
        (JSC::GetterSetter::setSetter):
        * runtime/GlobalEvalFunction.cpp:
        (JSC::GlobalEvalFunction::GlobalEvalFunction):
        (JSC::GlobalEvalFunction::markChildren):
        * runtime/GlobalEvalFunction.h:
        (JSC::GlobalEvalFunction::cachedGlobalObject):
        * runtime/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::value):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::markChildren):
        (JSC::JSActivation::put):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::put):
        (JSC::JSArray::putSlowCase):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        (JSC::JSArray::unshiftCount):
        (JSC::JSArray::sort):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToRegisters):
        (JSC::JSArray::compactForSorting):
        * runtime/JSArray.h:
        (JSC::JSArray::getIndex):
        (JSC::JSArray::setIndex):
        (JSC::JSArray::uncheckedSetIndex):
        (JSC::JSArray::markChildrenDirect):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::toThisObject):
        (JSC::JSCell::MarkStack::append):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::resetPrototype):
        (JSC::JSGlobalObject::markChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
        (JSC::JSGlobalObject::regExpConstructor):
        (JSC::JSGlobalObject::errorConstructor):
        (JSC::JSGlobalObject::evalErrorConstructor):
        (JSC::JSGlobalObject::rangeErrorConstructor):
        (JSC::JSGlobalObject::referenceErrorConstructor):
        (JSC::JSGlobalObject::syntaxErrorConstructor):
        (JSC::JSGlobalObject::typeErrorConstructor):
        (JSC::JSGlobalObject::URIErrorConstructor):
        (JSC::JSGlobalObject::evalFunction):
        (JSC::JSGlobalObject::objectPrototype):
        (JSC::JSGlobalObject::functionPrototype):
        (JSC::JSGlobalObject::arrayPrototype):
        (JSC::JSGlobalObject::booleanPrototype):
        (JSC::JSGlobalObject::stringPrototype):
        (JSC::JSGlobalObject::numberPrototype):
        (JSC::JSGlobalObject::datePrototype):
        (JSC::JSGlobalObject::regExpPrototype):
        (JSC::JSGlobalObject::methodCallDummy):
        (JSC::Structure::prototypeForLookup):
        (JSC::constructArray):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::object):
        (JSC::Stringifier::markAggregate):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::callReviver):
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getDirectOffset):
        (JSC::JSObject::putDirectOffset):
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSValue::putDirect):
        (JSC::JSObject::allocatePropertyStorageInline):
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::get):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::markChildren):
        * runtime/JSString.cpp:
        (JSC::StringObject::create):
        * runtime/JSValue.h:
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::markChildren):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::internalValue):
        (JSC::JSWrapperObject::setInternalValue):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::parse):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::lookupPut):
        * runtime/MarkStack.h:
        (JSC::MarkStack::appendValues):
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::constructNumber):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/Operations.h:
        (JSC::normalizePrototypeChain):
        (JSC::resolveBase):
        * runtime/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setExistingProperty):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::base):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::~ScopeChainNode):
        (JSC::ScopeChainIterator::operator*):
        (JSC::ScopeChainIterator::operator->):
        (JSC::ScopeChain::top):
        * runtime/ScopeChainMark.h:
        (JSC::ScopeChain::markAggregate):
        * runtime/SmallStrings.cpp:
        (JSC::isMarked):
        (JSC::SmallStrings::markChildren):
        * runtime/SmallStrings.h:
        (JSC::SmallStrings::emptyString):
        (JSC::SmallStrings::singleCharacterString):
        (JSC::SmallStrings::singleCharacterStrings):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::flattenDictionaryStructure):
        * runtime/Structure.h:
        (JSC::Structure::storedPrototype):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::uncheckedGet):
        (JSC::WeakGCMap::isValid):
        (JSC::::get):
        (JSC::::take):
        (JSC::::set):
        (JSC::::uncheckedRemove):
        * runtime/WriteBarrier.h: Removed.

2011-01-28  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=53352
        Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().

        The FixedVMPoolAllocator currently uses a best fix policy -
        switch to first fit, this is less prone to external fragmentation.

        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::AllocationTableSizeClass::AllocationTableSizeClass):
        (JSC::AllocationTableSizeClass::blockSize):
        (JSC::AllocationTableSizeClass::blockCount):
        (JSC::AllocationTableSizeClass::blockAlignment):
        (JSC::AllocationTableSizeClass::size):
        (JSC::AllocationTableLeaf::AllocationTableLeaf):
        (JSC::AllocationTableLeaf::~AllocationTableLeaf):
        (JSC::AllocationTableLeaf::allocate):
        (JSC::AllocationTableLeaf::free):
        (JSC::AllocationTableLeaf::isEmpty):
        (JSC::AllocationTableLeaf::isFull):
        (JSC::AllocationTableLeaf::size):
        (JSC::AllocationTableLeaf::classForSize):
        (JSC::AllocationTableLeaf::dump):
        (JSC::LazyAllocationTable::LazyAllocationTable):
        (JSC::LazyAllocationTable::~LazyAllocationTable):
        (JSC::LazyAllocationTable::allocate):
        (JSC::LazyAllocationTable::free):
        (JSC::LazyAllocationTable::isEmpty):
        (JSC::LazyAllocationTable::isFull):
        (JSC::LazyAllocationTable::size):
        (JSC::LazyAllocationTable::dump):
        (JSC::LazyAllocationTable::classForSize):
        (JSC::AllocationTableDirectory::AllocationTableDirectory):
        (JSC::AllocationTableDirectory::~AllocationTableDirectory):
        (JSC::AllocationTableDirectory::allocate):
        (JSC::AllocationTableDirectory::free):
        (JSC::AllocationTableDirectory::isEmpty):
        (JSC::AllocationTableDirectory::isFull):
        (JSC::AllocationTableDirectory::size):
        (JSC::AllocationTableDirectory::classForSize):
        (JSC::AllocationTableDirectory::dump):
        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
        (JSC::FixedVMPoolAllocator::alloc):
        (JSC::FixedVMPoolAllocator::free):
        (JSC::FixedVMPoolAllocator::allocated):
        (JSC::FixedVMPoolAllocator::isValid):
        (JSC::FixedVMPoolAllocator::classForSize):
        (JSC::FixedVMPoolAllocator::offsetToPointer):
        (JSC::FixedVMPoolAllocator::pointerToOffset):
        (JSC::ExecutableAllocator::committedByteCount):
        (JSC::ExecutableAllocator::isValid):
        (JSC::ExecutableAllocator::underMemoryPressure):
        (JSC::ExecutablePool::systemAlloc):
        (JSC::ExecutablePool::systemRelease):
        * wtf/PageReservation.h:
        (WTF::PageReservation::PageReservation):
        (WTF::PageReservation::commit):
        (WTF::PageReservation::decommit):
        (WTF::PageReservation::committed):

2011-01-27  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        Move the MarkStack over to a slot based marking API.

        In order to avoiding aliasing concerns there are two new types
        that need to be used when holding on to JSValues and JSCell that
        need to be marked: WriteBarrier and DeprecatedPtr.  WriteBarrier
        is expected to be used for any JSValue or Cell that's lifetime and
        marking is controlled by another GC object.  DeprecatedPtr is used
        for any value that we need to rework ownership for.

        The change over to this model has produced a large amount of
        code changes, but they are mostly mechanical (forwarding JSGlobalData,
        etc).

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
        (JSC::JSCallbackObject::setPrivateProperty):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::put):
        (JSC::::staticFunctionGetter):
        * API/JSObjectRef.cpp:
        (JSObjectMakeConstructor):
        (JSObjectSetPrivateProperty):
        * API/JSWeakObjectMapRefInternal.h:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalObject):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::findScopedProperty):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::markChildren):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolve):
        (JSC::Interpreter::resolveSkip):
        (JSC::Interpreter::resolveGlobalDynamic):
        (JSC::Interpreter::resolveBaseAndProperty):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::appendSourceToError):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::privateExecute):
        * interpreter/Register.h:
        (JSC::Register::jsValueSlot):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        * runtime/Arguments.cpp:
        (JSC::Arguments::markChildren):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSplice):
        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/ConservativeSet.h:
        (JSC::ConservativeSet::mark):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::markChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::getter):
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setter):
        (JSC::GetterSetter::setSetter):
        * runtime/GlobalEvalFunction.cpp:
        (JSC::GlobalEvalFunction::GlobalEvalFunction):
        (JSC::GlobalEvalFunction::markChildren):
        * runtime/GlobalEvalFunction.h:
        (JSC::GlobalEvalFunction::cachedGlobalObject):
        * runtime/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::value):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::put):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::put):
        (JSC::JSArray::putSlowCase):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        (JSC::JSArray::unshiftCount):
        (JSC::JSArray::sort):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToRegisters):
        (JSC::JSArray::compactForSorting):
        * runtime/JSArray.h:
        (JSC::JSArray::getIndex):
        (JSC::JSArray::setIndex):
        (JSC::JSArray::uncheckedSetIndex):
        (JSC::JSArray::markChildrenDirect):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSCell.h:
        (JSC::JSCell::MarkStack::append):
        (JSC::JSCell::MarkStack::appendCell):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::resetPrototype):
        (JSC::JSGlobalObject::markChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
        (JSC::JSGlobalObject::regExpConstructor):
        (JSC::JSGlobalObject::errorConstructor):
        (JSC::JSGlobalObject::evalErrorConstructor):
        (JSC::JSGlobalObject::rangeErrorConstructor):
        (JSC::JSGlobalObject::referenceErrorConstructor):
        (JSC::JSGlobalObject::syntaxErrorConstructor):
        (JSC::JSGlobalObject::typeErrorConstructor):
        (JSC::JSGlobalObject::URIErrorConstructor):
        (JSC::JSGlobalObject::evalFunction):
        (JSC::JSGlobalObject::objectPrototype):
        (JSC::JSGlobalObject::functionPrototype):
        (JSC::JSGlobalObject::arrayPrototype):
        (JSC::JSGlobalObject::booleanPrototype):
        (JSC::JSGlobalObject::stringPrototype):
        (JSC::JSGlobalObject::numberPrototype):
        (JSC::JSGlobalObject::datePrototype):
        (JSC::JSGlobalObject::regExpPrototype):
        (JSC::JSGlobalObject::methodCallDummy):
        (JSC::constructArray):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::object):
        (JSC::Stringifier::Holder::objectSlot):
        (JSC::Stringifier::markAggregate):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::callReviver):
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::putDirectOffset):
        (JSC::JSObject::putUndefinedAtDirectOffset):
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSValue::putDirect):
        (JSC::JSObject::allocatePropertyStorageInline):
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::markChildren):
        * runtime/JSString.cpp:
        (JSC::StringObject::create):
        * runtime/JSValue.h:
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::markChildren):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::internalValue):
        (JSC::JSWrapperObject::setInternalValue):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::parse):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::lookupPut):
        * runtime/MarkStack.h:
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::constructNumber):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/Operations.h:
        (JSC::normalizePrototypeChain):
        (JSC::resolveBase):
        * runtime/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setExistingProperty):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::base):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::~ScopeChainNode):
        (JSC::ScopeChainIterator::operator*):
        (JSC::ScopeChainIterator::operator->):
        (JSC::ScopeChain::top):
        * runtime/ScopeChainMark.h:
        (JSC::ScopeChain::markAggregate):
        * runtime/SmallStrings.cpp:
        (JSC::isMarked):
        (JSC::SmallStrings::markChildren):
        * runtime/SmallStrings.h:
        (JSC::SmallStrings::emptyString):
        (JSC::SmallStrings::singleCharacterString):
        (JSC::SmallStrings::singleCharacterStrings):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/Structure.cpp:
        (JSC::Structure::flattenDictionaryStructure):
        * runtime/Structure.h:
        (JSC::Structure::storedPrototypeSlot):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::uncheckedGet):
        (JSC::WeakGCMap::uncheckedGetSlot):
        (JSC::::get):
        (JSC::::take):
        (JSC::::set):
        (JSC::::uncheckedRemove):
        * runtime/WriteBarrier.h: Added.
        (JSC::DeprecatedPtr::DeprecatedPtr):
        (JSC::DeprecatedPtr::get):
        (JSC::DeprecatedPtr::operator*):
        (JSC::DeprecatedPtr::operator->):
        (JSC::DeprecatedPtr::slot):
        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
        (JSC::DeprecatedPtr::operator!):
        (JSC::WriteBarrierBase::set):
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):
        (JSC::WriteBarrierBase::slot):
        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
        (JSC::WriteBarrierBase::operator!):
        (JSC::WriteBarrier::WriteBarrier):
        (JSC::operator==):

2011-01-28  Adam Roben  <aroben@apple.com>

        Chromium build fix after r76967

        * wtf/ThreadingPrimitives.h: Use OS(WINDOWS) instead of PLATFORM(WIN), to match other
        similar macros in this file.

2011-01-28  Michael Saboff  <msaboff@apple.com>

        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
        https://bugs.webkit.org/show_bug.cgi?id=53271

        Reapplying this this change.  No change from prior patch in
        JavaScriptCore.

        Added new isValid() methods to check if a contained object in
        a WeakGCMap is valid when using an unchecked iterator.

        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::isValid):

2011-01-27  Adam Roben  <aroben@apple.com>

        Extract code to convert a WTF absolute time to a Win32 wait interval into a separate
        function

        Fixes <http://webkit.org/b/53208> <rdar://problem/8922490> BinarySemaphore should wrap a
        Win32 event

        Reviewed by Dave Hyatt.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export the new function.

        * wtf/ThreadingPrimitives.h: Declare the new function.

        * wtf/ThreadingWin.cpp:
        (WTF::ThreadCondition::timedWait): Moved code to convert the absolute time to a wait
        interval from here...
        (WTF::absoluteTimeToWaitTimeoutInterval): ...to here.

2011-01-28  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Add basic rubber banding support
        <rdar://problem/8219429>
        https://bugs.webkit.org/show_bug.cgi?id=53277

        * wtf/Platform.h: Add ENABLE for rubber banding.

2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r76893.
        http://trac.webkit.org/changeset/76893
        https://bugs.webkit.org/show_bug.cgi?id=53287

        It made some tests crash on GTK and Qt debug bots (Requested
        by Ossy on #webkit).

        * runtime/WeakGCMap.h:

2011-01-27  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Add WTFString method to compare equality with Vector<UChar>
        https://bugs.webkit.org/show_bug.cgi?id=53266

        I'm planning to use this method in the new XSS filter implementation,
        but it seems generally useful.

        * wtf/text/StringImpl.h:
        (WTF::equalIgnoringNullity):
        * wtf/text/WTFString.h:
        (WTF::equalIgnoringNullity):

2011-01-27  Michael Saboff  <msaboff@apple.com>

        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
        https://bugs.webkit.org/show_bug.cgi?id=53271

        Added new isValid() methods to check if a contained object in
        a WeakGCMap is valid when using an unchecked iterator.

        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::isValid):

2011-01-26  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Add events to represent the start/end of a gesture scroll
        https://bugs.webkit.org/show_bug.cgi?id=53215

        * wtf/Platform.h: Add ENABLE for gesture events. 

2011-01-26  Yael Aharon  <yael.aharon@nokia.com>

        Reviewed by Laszlo Gombos.

        [Qt][Symbian] Fix --minimal build
        https://bugs.webkit.org/show_bug.cgi?id=52839

        Move definition of USE_SYSTEM_MALLOC out of pri file.
        Put it in platform.h instead.

        * wtf/Platform.h:
        * wtf/TCSystemAlloc.cpp:
        * wtf/wtf.pri:

2011-01-26  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Andreas Kling.

        [WINCE] Add JIT support to build system
        https://bugs.webkit.org/show_bug.cgi?id=53079

        * CMakeListsWinCE.txt:

2011-01-25  Adam Roben  <aroben@apple.com>

        Windows Production build fix

        Reviewed by Steve Falkenburg.

        * JavaScriptCore.vcproj/JavaScriptCore.make: Set BUILDSTYLE to Release_PGO at the very start
        of the file so that ConfigurationBuildDir takes that into account. Also set it the right way
        (by redefining the macro) rather than the wrong way (by modifying the environment variable).

2011-01-25  Steve Falkenburg  <sfalken@apple.com>

        Rubber-stamped by Adam Roben.

        Windows production build fix.
        Use correct environment variable escaping

        * JavaScriptCore.vcproj/JavaScriptCore.make:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:

2011-01-25  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        JSON.stringify processing time exponentially grows with size of object
        https://bugs.webkit.org/show_bug.cgi?id=51922

        Remove last use of reserveCapacity from JSON stringification, as it results
        in appalling append behaviour when there are a large number of property names
        and nothing else.

        * runtime/JSONObject.cpp:
        (JSC::Stringifier::appendQuotedString):

2011-01-25  Antti Koivisto  <antti@apple.com>

        Not reviewed.
        
        Try to fix windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-01-25  Antti Koivisto  <antti@apple.com>

        Reviewed by Oliver Hunt.

        REGRESSION: Leak in JSParser::Scope::copyCapturedVariablesToVector()
        https://bugs.webkit.org/show_bug.cgi?id=53061
         
        Cache did not know about the subclass so failed to fully delete the items. 
        Got rid of the subclass and moved the classes to separate files.

        * CMakeLists.txt:
        * GNUmakefile.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * parser/JSParser.cpp:
        (JSC::JSParser::Scope::saveFunctionInfo):
        (JSC::JSParser::Scope::restoreFunctionInfo):
        (JSC::JSParser::findCachedFunctionInfo):
        (JSC::JSParser::parseFunctionInfo):
        * parser/SourceProvider.h:
        * parser/SourceProviderCache.cpp: Added.
        (JSC::SourceProviderCache::~SourceProviderCache):
        (JSC::SourceProviderCache::byteSize):
        * parser/SourceProviderCache.h: Added.
        (JSC::SourceProviderCache::SourceProviderCache):
        (JSC::SourceProviderCache::add):
        (JSC::SourceProviderCache::get):
        * parser/SourceProviderCacheItem.h: Added.
        (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
        (JSC::SourceProviderCacheItem::approximateByteSize):
        (JSC::SourceProviderCacheItem::closeBraceToken):

2011-01-25  Marcilio Mendonca  <mamendonca@rim.com>

        Reviewed by Darin Adler.

        Bug 53087: Refactoring: replaced a hanging "else" with a "return"
        statement
        https://bugs.webkit.org/show_bug.cgi?id=53087.

        Refactoring work: Replaced a hanging "else" within an #if PLATFORM(M
        with a "return" so that the code is more readable and less error pro
        (e.g., "else" doesn't use braces so adding extra lines to the else
        block won't have any effect; even worse, code still compiles
        successfully.

        * wtf/Assertions.cpp:

2011-01-24  Chris Marrin  <cmarrin@apple.com>

        Reviewed by Eric Seidel.

        Change ENABLE_3D_CANVAS to ENABLE_WEBGL
        https://bugs.webkit.org/show_bug.cgi?id=53041

        * Configurations/FeatureDefines.xcconfig:

2011-01-25  Adam Roben  <aroben@apple.com>

        Windows Production build fix

        * JavaScriptCore.vcproj/JavaScriptCore.make: Added a missing "set".

2011-01-25  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Eric Seidel.

        Add missing defines for COMPILER(RVCT) && CPU(ARM_THUMB2)
        https://bugs.webkit.org/show_bug.cgi?id=52949

        * jit/JITStubs.cpp:

2011-01-24  Adam Roben  <aroben@apple.com>

        Windows Production build fix

        * JavaScriptCore.vcproj/JavaScriptCore.make: Update for move of JavaScriptCore into Source.

2011-01-24  Peter Varga  <pvarga@webkit.org>

        Reviewed by Oliver Hunt.

        Optimize regex patterns which contain empty alternatives
        https://bugs.webkit.org/show_bug.cgi?id=51395

        Eliminate the empty alternatives from the regex pattern and convert it to do
        the matching in an easier way.

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):

2011-01-24  Andras Becsi  <abecsi@webkit.org>

        Reviewed by Csaba Osztrogonác.

        [Qt] Move project files into Source
        https://bugs.webkit.org/show_bug.cgi?id=52891

        * JavaScriptCore.pri:
        * JavaScriptCore.pro:
        * jsc.pro:

2011-01-23  Mark Rowe  <mrowe@apple.com>

        Follow-up to r76477.

        Fix the scripts that detect problematic code such as static initializers
        and destructors, weak vtables, inappropriate files in the framework wrappers,
        and public headers including private headers. These had all been broken
        since the projects were moved in to the Source directory as the paths to the
        scripts were not updated at that time.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-01-23  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Darin Adler.

        Use WTF::StringHasher in WebCore
        https://bugs.webkit.org/show_bug.cgi?id=52934

        Add an additional function to calculate the hash
        of data with a runtimedependent size.

        * wtf/StringHasher.h:
        (WTF::StringHasher::createBlobHash):

2011-01-23  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by David Kilzer.

        Fix comment in String::ascii()
        https://bugs.webkit.org/show_bug.cgi?id=52980

        * wtf/text/WTFString.cpp:
        (WTF::String::ascii):

2011-01-23  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by David Kilzer.

        Add String::containsOnlyLatin1()
        https://bugs.webkit.org/show_bug.cgi?id=52979

        * wtf/text/WTFString.h:
        (WTF::String::containsOnlyLatin1):
        (WTF::charactersAreAllLatin1):

2011-01-23  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Oliver Hunt.

        Remove obsolete JSVALUE32 code
        https://bugs.webkit.org/show_bug.cgi?id=52948

        r70111 removed support for JSVALUE32.
        ARM, MIPS and X86 support JSVALUE32_64 only.

        * jit/JITStubs.cpp:

2011-01-22  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Dan Bernstein.

        ASSERT running run-webkit-tests --threaded.
        https://bugs.webkit.org/show_bug.cgi?id=52971
        
        SunSpider and v8 report no change.

        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeSet::grow):
        (JSC::ConservativeSet::add):
        * runtime/ConservativeSet.h: Tweaked the inline capacity to 128, and
        the growth policy to 2X, to make SunSpider and v8 happy.
        (JSC::ConservativeSet::ConservativeSet):
        (JSC::ConservativeSet::~ConservativeSet):
        (JSC::ConservativeSet::mark): Use OSAllocator directly, instead of malloc.
        Malloc is forbidden during a multi-threaded mark phase because it can
        cause deadlock.

2011-01-22  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Geoffrey Garen.

        Rubber-stamped by Maciej Stachowiak.

        A few of Maciej's review suggestions for my last patch.
        https://bugs.webkit.org/show_bug.cgi?id=52946        

        SunSpider reports no change.

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj: Updated build systems.

        * runtime/ConservativeSet.cpp: Added.
        (JSC::isPointerAligned):
        (JSC::ConservativeSet::add):
        * runtime/ConservativeSet.h: Added.
        (JSC::ConservativeSet::ConservativeSet):
        (JSC::ConservativeSet::mark): Split ConservativeSet out into its own
        file, and moved the conservative check into ConservativeSet::add, making
        ConservativeSet's responsibility clearer.

        * runtime/Heap.cpp:
        (JSC::Heap::markRoots):
        * runtime/MachineStackMarker.cpp:
        (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
        (JSC::MachineStackMarker::markOtherThreadConservatively):
        * runtime/MachineStackMarker.h:
        * runtime/MarkStack.h: Updated for changes above.

2011-01-22  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed WinCE build fix for r76430.

        * runtime/MachineStackMarker.cpp:
        (JSC::swapIfBackwards):

2011-01-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Beth Dakin.

        Reorganized MarkedSpace, making many of its functions private.

        * runtime/JSCell.h:
        (JSC::JSCell::Heap::heap):
        * runtime/MarkedSpace.h:
        (JSC::MarkedSpace::globalData):
        (JSC::MarkedSpace::heap):

2011-01-21  Geoffrey Garen  <ggaren@apple.com>

        Try to fix build: moved helper function out of #ifdef.

        * runtime/MachineStackMarker.cpp:
        (JSC::swapIfBackwards):

2011-01-21  Geoffrey Garen  <ggaren@apple.com>

        Rubber-stamped by Maciej Stachowiak.

        A few of Maciej's review suggestions for my last patch.
        https://bugs.webkit.org/show_bug.cgi?id=52946        

        SunSpider reports no change.

        * runtime/MachineStackMarker.cpp:
        (JSC::swapIfBackwards): Added a helper function for handling platforms
        where the stack can grow in any direction.

        (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
        (JSC::MachineStackMarker::markOtherThreadConservatively): Use the helper
        function.

        (JSC::isPointerAligned): Use "!" instead of "==0" because a robot told me to.

        (JSC::MachineStackMarker::markConservatively): Changed to use a more
        standard looping idiom, and to use the helper function above.

        * runtime/MarkedSpace.h:
        (JSC::MarkedSpace::isCellAligned): Use "!" instead of "==0" because a robot told me to.

2011-01-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Cleaned up some conservative marking code.
        https://bugs.webkit.org/show_bug.cgi?id=52946
        
        SunSpider reports no change.

        * interpreter/RegisterFile.h: No need for a special marking function,
        since we already expose a start() and end().

        * runtime/Heap.cpp:
        (JSC::Heap::registerFile):
        (JSC::Heap::markRoots):
        * runtime/Heap.h:
        (JSC::Heap::contains): Migrated markConservatively() to the machine stack
        marker class. Now, Heap just provides a contains() function, which the
        machine stack marker uses for checking whether a pointer points into the heap.

        * runtime/MachineStackMarker.cpp:
        (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
        (JSC::MachineStackMarker::markOtherThreadConservatively):
        (JSC::isPointerAligned):
        (JSC::MachineStackMarker::markConservatively):
        * runtime/MachineStackMarker.h: Move the conservative marking code here.

        * runtime/MarkStack.h:
        (JSC::ConservativeSet::add):
        (JSC::ConservativeSet::mark): Changed to using a vector instead of hash
        set. Vector seems to be a bit faster, and it generates smaller code.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::containsSlowCase):
        * runtime/MarkedSpace.h:
        (JSC::MarkedSpace::isCellAligned):
        (JSC::MarkedSpace::isPossibleCell):
        (JSC::MarkedSpace::contains): Kept the code for determining whether a
        pointer pointed into marked space, and moved the code for marking
        a set of conservative pointers into the machine stack marker.

        * wtf/HashSet.h:
        (WTF::::add): Added two missing inlines that I noticed while testing
        vector vs hash set.

2011-01-21  Mark Rowe  <mrowe@apple.com>

        Reviewed by Sam Weinig.

        Work around a Clang bug <rdar://problem/8876150> that leads to it incorrectly emitting an access
        control warning when a client tries to use operator bool exposed above via "using PageBlock::operator bool".

        * wtf/PageAllocation.h:
        (WTF::PageAllocation::operator bool):
        * wtf/PageReservation.h:
        (WTF::PageReservation::operator bool):

2011-01-21  Michael Saboff  <msaboff@apple.com>

        Reviewed by Oliver Hunt.

        [RegexFuzz] Hang with forward assertion
        https://bugs.webkit.org/show_bug.cgi?id=52825
        <rdar://problem/8894332>

        The backtrackTo label from the first term in a list of terms is
        being overwritten by processing of subsequent terms.  Changed
        copyBacktrackToLabel() to check for an existing bcaktrackTo label
        before copying and renamed it to propagateBacktrackToLabel() since
        it no longer copies.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::BacktrackDestination::propagateBacktrackToLabel):
        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):

2011-01-21  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.

        Moved the mark stack from global data to the heap, since it pertains
        to the heap, and not the virtual machine as a whole.
        https://bugs.webkit.org/show_bug.cgi?id=52930
        
        SunSpider reports no change.

        * runtime/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::markRoots):
        * runtime/Heap.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:

2011-01-21  Peter Gal  <galpeter@inf.u-szeged.hu>

        Reviewed by Darin Adler.

        REGRESSION(r76177): All JavaScriptCore tests fail on ARM
        https://bugs.webkit.org/show_bug.cgi?id=52814

        Get the approximateByteSize value before releasing the OwnPtr.

        * parser/JSParser.cpp:
        (JSC::JSParser::parseFunctionInfo):

2011-01-21  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Martin Robinson.

        Remove unnecessary <stdio.h> include
        https://bugs.webkit.org/show_bug.cgi?id=52884

        * jit/JIT.cpp: remove unnecessary include.

2011-01-20  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Maciej Stachowiak.

        Added OwnPtrCommon.h because OwnArrayPtr::set calls deleteOwnedPtr.

        * wtf/OwnArrayPtr.h:

2011-01-20  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Oliver Hunt.

        [WINCE] Remove obsolete JSVALUE32 code
        https://bugs.webkit.org/show_bug.cgi?id=52450

        Remove the "offset hack" in create_jit_stubs, since we
        only support JSVALUE32_64 in the meantime.

        * create_jit_stubs: Removed offset argument
        * jit/JITStubs.cpp:

2011-01-20  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        When marking conservatively, guard against reviving dead objects.
        https://bugs.webkit.org/show_bug.cgi?id=52840
        
        SunSpider and v8 say no change.

        * interpreter/RegisterFile.h:
        (JSC::RegisterFile::markCallFrames): Updated to use the ConservativeSet API.

        * runtime/Heap.cpp:
        (JSC::Heap::recordExtraCost): No need to guard against conservative
        marking reviving dead objects anymore, since the conservative marking
        mechanism guards against this now.

        (JSC::Heap::markConservatively):
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors): Don't drain the mark stack inside a
        marking function. We want to establish a separation of concerns between
        visiting roots and draining the mark stack.

        (JSC::Heap::markRoots): Gather the set of conservative references before
        clearning mark bits, because conservative marking now uses the mark bits
        to determine if a reference is valid, and avoid reviving dead objects.

        (JSC::Heap::collectAllGarbage): No need to guard against conservative
        marking reviving dead objects anymore, since the conservative marking
        mechanism guards against this now.

        * runtime/Heap.h: Updated to use the ConservativeSet API.

        * runtime/MachineStackMarker.cpp:
        (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
        (JSC::MachineStackMarker::markCurrentThreadConservatively):
        (JSC::MachineStackMarker::markOtherThreadConservatively):
        (JSC::MachineStackMarker::markMachineStackConservatively):
        * runtime/MachineStackMarker.h: Ditto.

        * runtime/MarkStack.h:
        (JSC::ConservativeSet::add):
        (JSC::ConservativeSet::mark): Added ConservativeSet, for gathering the
        set of conservative references. This is different from MarkStack, since
        we don't mark the set until it is completely gathered.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::freeBlock):
        (JSC::MarkedSpace::resizeBlocks):
        (JSC::MarkedSpace::markConservatively):
        * runtime/MarkedSpace.h: When marking conservatively, guard against
        reviving dead objects.

2011-01-20  Siddharth Mathur  <siddharth.mathur@nokia.com>

        Reviewed by Geoffrey Garen.

        [Symbian] Fix StackBounds::initialize()
        https://bugs.webkit.org/show_bug.cgi?id=52842

        * wtf/StackBounds.cpp:
        (WTF::StackBounds::initialize): Use TThreadStackInfo.iLimit for stack limit

2011-01-20  Michael Saboff  <msaboff@apple.com>

        Reviewed by Oliver Hunt.

        <rdar://problem/8890203> [RegexFuzz] Crash in generated code (52773)
        https://bugs.webkit.org/show_bug.cgi?id=52773

        Fixed case where an existing DataLabelPtr is overwritten.  The
        replacing DataLabelPtr is now resolved immediately in
        linkDataLabelToBacktrackIfExists().  Cleanup - eliminated bool
        return value for the routine as it was never used.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):

2011-01-20  Andras Becsi  <abecsi@webkit.org>

        Reviewed by Csaba Osztrogonác.

        [Qt][WK2] WebKit2 enabled build fails to link

        Work around undefined reference linking issues until the buildsystem gets redesigned.
        These issues first occured in minimal builds (see BUG 50519).

        * JavaScriptCore.pri: link as whole-archive for WebKit2 builds

2011-01-20  Zoltan Horvath  <zoltan@webkit.org>

        Reviewed by Csaba Osztrogonác.

        Refactoring of the custom allocation framework
        https://bugs.webkit.org/show_bug.cgi?id=49897

        Inheriting from FastAllocBase can result in objects getting larger (bug #33896, #46589).
        The modification replaces Noncopyable and FastAllocBase classes and these inherits with their
        equivalent macro implementation at the necessary places.

        * wtf/FastAllocBase.h: Turn FastAllocBase's implementation into a macro.

2011-01-20  Mark Rowe  <mrowe@apple.com>

        Reviewed by Maciej Stachowiak.

        Follow-up to r75766 / <rdar://problem/5469576>.

        We were failing to initialize the key, causing all sorts of unexpected behavior.

        * wtf/FastMalloc.cpp:
        (WTF::setThreadHeap):
        (WTF::TCMalloc_ThreadCache::GetThreadHeap):
        (WTF::TCMalloc_ThreadCache::InitTSD): Ensure that the key is initialized.

2011-01-18  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        Rolled back in r76078, with crash fixed.
        https://bugs.webkit.org/show_bug.cgi?id=52668
        
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::markChildren): Account for the fact that the global
        object moves its variables into and out of the register file. While out
        of the register file, the symbol table's size is not an accurate count
        for the size of the register array, since the BytecodeGenerator might
        be compiling, adding items to the symbol table.
        
2011-01-18  Darin Adler  <darin@apple.com>

        Reviewed by Geoffrey Garen.

        Stack overflow when converting an Error object to string
        https://bugs.webkit.org/show_bug.cgi?id=46410

        * Android.mk: Added StringRecursionChecker.cpp and
        StringRecursionChecker.h.
        * CMakeLists.txt: Ditto.
        * GNUmakefile.am: Ditto.
        * JavaScriptCore.gypi: Ditto.
        * JavaScriptCore.pro: Ditto.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToString): Use StringRecursionChecker instead
        of the older hand-written code to do the same thing.
        (JSC::arrayProtoFuncToLocaleString): Ditto.
        (JSC::arrayProtoFuncJoin): Ditto.

        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString): Use StringRecursionChecker.

        * runtime/JSGlobalData.h: Renamed arrayVisitedElements to
        stringRecursionCheckVisitedObjects.

        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncToString): Use StringRecursionChecker.

        * runtime/StringRecursionChecker.cpp: Added.
        * runtime/StringRecursionChecker.h: Added.

2011-01-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Remove non-spec support for callable RegExp
        https://bugs.webkit.org/show_bug.cgi?id=28285

        Remove support for callable regexps.  If it breaks sites we can
        just roll this out.

        * runtime/RegExpObject.cpp:
        * runtime/RegExpObject.h:
        * tests/mozilla/expected.html: update results.

2011-01-19  Antti Koivisto  <antti@apple.com>

        Reviewed by Oliver Hunt.

        Cache function offsets to speed up javascript parsing
        https://bugs.webkit.org/show_bug.cgi?id=52622
        
        Use cache to save function offsets and some other info.
        This avoids quite a bit of work when reparsing the source.

        * parser/ASTBuilder.h:
        * parser/JSParser.cpp:
        (JSC::JSParser::CachedFunctionInfo::CachedFunctionInfo):
        (JSC::JSParser::CachedFunctionInfo::approximateByteSize):
        (JSC::JSParser::CachedFunctionInfo::closeBraceToken):
        (JSC::JSParser::Scope::copyCapturedVariablesToVector):
        (JSC::JSParser::Scope::saveFunctionInfo):
        (JSC::JSParser::Scope::restoreFunctionInfo):
        (JSC::JSParser::findCachedFunctionInfo):
        (JSC::JSParser::JSParser):
        (JSC::JSParser::parseProgram):
        (JSC::JSParser::parseFunctionInfo):
        * parser/Lexer.h:
        (JSC::Lexer::setOffset):
        (JSC::Lexer::setLineNumber):
        (JSC::Lexer::sourceProvider):
        * parser/SourceProvider.h:
        (JSC::SourceProviderCache::SourceProviderCache):
        (JSC::SourceProviderCache::~SourceProviderCache):
        (JSC::SourceProviderCache::byteSize):
        (JSC::SourceProviderCache::add):
        (JSC::SourceProviderCache::get):
        (JSC::SourceProvider::SourceProvider):
        (JSC::SourceProvider::~SourceProvider):
        (JSC::SourceProvider::cache):
        (JSC::SourceProvider::notifyCacheSizeChanged):
        (JSC::SourceProvider::cacheSizeChanged):
        * parser/SyntaxChecker.h:

2011-01-19  Mark Rowe  <mrowe@apple.com>

        Reviewed by Darin Adler.

        Follow-up to r75766 / <rdar://problem/5469576>.

        * DerivedSources.make: Evaluate the SDKROOT variable correctly.

2011-01-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        [jsfunfuzz] Defining a function called __proto__ inside an eval triggers an assertion
        https://bugs.webkit.org/show_bug.cgi?id=52672

        Rather than coming up with a somewhat convoluted mechanism to ensure that
        developers can override the global objects prototype with a function named
        __proto__ and expect it to work, we just disallow it at the syntax level.

        * parser/JSParser.cpp:
        (JSC::JSParser::parseFunctionInfo):

2011-01-19  Michael Saboff  <msaboff@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/8882994> Regression: Simple nested backtrack hangs
        https://bugs.webkit.org/show_bug.cgi?id=52675

        The changeset (r76076) for https://bugs.webkit.org/show_bug.cgi?id=52540
        broke simple backtracking in some cases.  Reworked that change to 
        link both jumps and labels.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::BacktrackDestination::hasBacktrackToLabel):
        (JSC::Yarr::YarrGenerator::TermGenerationState::propagateBacktrackingFrom):
        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):

2011-01-19  Pavel Podivilov  <podivilov@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: [JSC] scripts have incorrect starting line (always 1).
        https://bugs.webkit.org/show_bug.cgi?id=52721

        * debugger/Debugger.cpp:
        (JSC::Debugger::recompileAllJSFunctions):
        * debugger/Debugger.h:
        * parser/Parser.h:
        (JSC::Parser::parse):
        * parser/SourceCode.h:
        (JSC::SourceCode::SourceCode):
        * parser/SourceProvider.h:
        (JSC::SourceProvider::startPosition):

2011-01-19  Csaba Osztrogonác  <ossy@webkit.org>

        Reviewed by Laszlo Gombos and Tor Arne Vestbø.

        [Qt] Remove unnecessary "../Source" from paths
        after moving source files into Source is finished.

        * JavaScriptCore.pri:

2011-01-19  Benjamin Kalman  <kalman@chromium.org>

        Reviewed by Darin Adler.

        Don't return void from void function String::split
        https://bugs.webkit.org/show_bug.cgi?id=52684

        * wtf/text/WTFString.cpp:
        (WTF::String::split):

2011-01-18  Kenneth Russell  <kbr@google.com>

        Unreviewed, rolling out r76078.
        http://trac.webkit.org/changeset/76078
        https://bugs.webkit.org/show_bug.cgi?id=52668

        Caused crashes of fast/canvas/webgl/constants.html,
        fast/canvas/webgl/gl-enum-tests.html, and possibly other layout
        test crashes in Release mode. WebGL crashes were observed with
        "run-webkit-tests fast/canvas/webgl". It was necessary to run
        multiple tests to provoke the crash.

        * interpreter/RegisterFile.h:
        (JSC::RegisterFile::markGlobals):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::markChildren):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::markChildren):

2011-01-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        [jsfunfuzz] Assertion asking activation for arguments when arguments is overridden
        https://bugs.webkit.org/show_bug.cgi?id=52690

        Clean up code to retrieve arguments from activation and function objects.
        Remove the incorrect assertion from JSActivation's argumentsGetter.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::retrieveArguments):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::argumentsGetter):

2011-01-18  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        Removed RegisterFile::markGlobals because it was obtuse, and it
        unnecessarily relied on conservative marking.
        https://bugs.webkit.org/show_bug.cgi?id=52668

        * interpreter/RegisterFile.h: Removed markGlobals.

        * runtime/JSActivation.cpp:
        (JSC::JSActivation::markChildren): Added a comment explaning why some
        JSActivations don't always mark their registers arrays.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::markChildren): Instead of calling markGlobals, mark
        the registers array directly.

2011-01-18  Michael Saboff  <msaboff@apple.com>

        Reviewed by Oliver Hunt.

        <rdar://problem/8875432> Regression: Some text-only e-mails cause hang beneath RegExp::match (52540)
        https://bugs.webkit.org/show_bug.cgi?id=52540
        https://bugs.webkit.org/show_bug.cgi?id=52662

        Directly use backtrack label with parentheses nested under a
        non-capturing parentheses.  Also linked current parentheses
        tail code object for possible parens nested within a non-capturing
        parentheses.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::BacktrackDestination::linkBacktrackToLabel):
        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):

2011-01-18  Daniel Bates  <dbates@rim.com>

        Reviewed by Gavin Barraclough.

        Only use moving memory model assumption in ExecutableAllocator::intializePageSize() for Symbian OS
        https://bugs.webkit.org/show_bug.cgi?id=52517

        Patch by David Tapuska

        Currently, we compile code with respect to the Symbian-specific moving memory model
        assumption for all ARMv5 or lower architectures. Instead, we should only compile
        such code when building for Symbian OS on those architectures because this model
        is Symbian-specific.

        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::intializePageSize):

2011-01-18  Dimitry Andric  <dim@freebsd.org>

        Reviewed by Andreas Kling.

        Fix linking JavaScriptCore on FreeBSD/amd64
        https://bugs.webkit.org/show_bug.cgi?id=52591

        Linking of JavaScriptCore on FreeBSD/amd64 fails, for the same reason as
        in bug 28422: cti_vm_throw needs a "@plt" suffix, otherwise the linker
        complains about the relocation type.

        * jit/JITStubs.cpp: use @plt suffix on x86_64 platforms, for both Linux
        and FreeBSD.

2011-01-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Antti Koivisto.

        [jsfunfuzz] Assertion in codegen for array of NaN constants
        https://bugs.webkit.org/show_bug.cgi?id=52643

        Don't cache NaN literals in the code generator, as NaN doesn't compare
        as equal to itself it causes problems when rehashing the number cache.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitLoad):

2011-01-17  Jarred Nicholls  <jarred@sencha.com>

        Reviewed by Csaba Osztrogonác.

        REGRESSION(r75709): Return value of fscanf() shouldn't be ignored.
        https://bugs.webkit.org/show_bug.cgi?id=52585
        
        gcc 4.4.4+ has warn_unused_value attribute on fscanf, so we should check
        the return value to get around the gcc warning

        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::maybeModifyVMPoolSize):

2011-01-17  Michael Saboff  <msaboff@apple.com>

        Reviewed by Oliver Hunt.

        [regexfuzz] Crash running regex with lookahead
        https://bugs.webkit.org/show_bug.cgi?id=52548

        Eliminated agressive chaining of backtracks.  This code was overwriting
        already valid backtrack information.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::ParenthesesTail::processBacktracks):

2011-01-17  Tony Gentilcore  <tonyg@chromium.org>

        Reviewed by Alexey Proskuryakov.

        Fix some headers with missing or misspelled #ifndef guards
        https://bugs.webkit.org/show_bug.cgi?id=52545

        * wtf/RefPtrHashMap.h:

2011-01-17  Dan Bernstein  <mitz@apple.com>

        Rubber-stamped by Mark Rowe.

        Update xcodeproj svn:ignore to include xcuserdata.

        * JavaScriptCore.xcodeproj: Modified property svn:ignore.

2011-01-16  Adam Barth  <abarth@webkit.org>

        Rubber-stamped by Eric Seidel.

        Move WebKit into Source
        https://bugs.webkit.org/show_bug.cgi?id=52530

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-01-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        [jsfunfuzz] Parser doesn't correctly validate for-loop syntax
        https://bugs.webkit.org/show_bug.cgi?id=52516

        Ensure that we always check for a semicolon after encountering
        multiple declarations in the initialiser portion of a for-loop.

        * parser/JSParser.cpp:
        (JSC::JSParser::parseForStatement):

2011-01-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Strict mode restrictions on arguments and eval usage aren't complete
        https://bugs.webkit.org/show_bug.cgi?id=52528

        Fix a few bugs in strict mode where we incorrect allow mutation of
        arguments and eval in the parser.

        Alas the "optimisation" used by the syntax checker for validating
        binary and unary expressions was too aggressive: we do actually need
        a stack for operations and operands although it needn't be as complete
        as that used for the full AST builder.

        Also disallow assignment to arguments in all cases as allowing arguments
        to be assignable is always an error in strict mode, regardless of context.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::BinaryExprContext::BinaryExprContext):
        (JSC::ASTBuilder::UnaryExprContext::UnaryExprContext):
        * parser/JSParser.cpp:
        (JSC::JSParser::parseAssignmentExpression):
        (JSC::JSParser::parseBinaryExpression):
        (JSC::JSParser::parseUnaryExpression):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::BinaryExprContext::BinaryExprContext):
        (JSC::SyntaxChecker::BinaryExprContext::~BinaryExprContext):
        (JSC::SyntaxChecker::UnaryExprContext::UnaryExprContext):
        (JSC::SyntaxChecker::UnaryExprContext::~UnaryExprContext):
        (JSC::SyntaxChecker::appendBinaryExpressionInfo):
        (JSC::SyntaxChecker::operatorStackPop):

2011-01-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Rolled back in r75886.
        https://bugs.webkit.org/show_bug.cgi?id=52527
        
        r75886 broke the GTK Linux bot because Linux was -- quite surprisingly --
        set up to use the constants for embedded devices.

        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::maybeModifyVMPoolSize): Separated Linux constants from embedded
        constants.

2011-01-15  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r75886.
        http://trac.webkit.org/changeset/75886
        https://bugs.webkit.org/show_bug.cgi?id=52526

        "Broke GTK+ 64bit" (Requested by xan_ on #webkit).

        * jit/ExecutableAllocatorFixedVMPool.cpp:

2011-01-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/8870429> Shrink the executable pool on embedded devices

        * jit/ExecutableAllocatorFixedVMPool.cpp: Dropped the pool size from 32MB
        to 16MB.

2011-01-15  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej Stachowiak.

        Incorrect behavior changing attributes of an accessor
        https://bugs.webkit.org/show_bug.cgi?id=52515

        defineProperty doesn't correctly handle changing attributes of an accessor
        property.  This is because we don't pass the full descriptor to the 
        putDescriptor helper function, which means we have insufficient information
        to do the right thing. Once that's passed the correct behavior is relatively
        simple to implement.

        * runtime/JSObject.cpp:
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):

2011-01-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej Stachowiak.

        [jsfunfuzz] Incorrect handling of consecutive duplicate labels
        https://bugs.webkit.org/show_bug.cgi?id=52505

        Compare StringImpl*'s instead of Identifier*'s when looking for duplicate
        labels.

        * parser/JSParser.cpp:
        (JSC::JSParser::parseExpressionOrLabelStatement):

2011-01-14  Simon Fraser  <simon.fraser@apple.com>

        No review.
        
        Initialize m_operationInProgress after r75855.

        * runtime/Heap.cpp:
        (JSC::Heap::Heap):

2011-01-14  Geoffrey Garen  <ggaren@apple.com>

        Reverted accidentally committed code from my last checkin.

        * runtime/Heap.cpp:
        (JSC::Heap::markRoots):

2011-01-14  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Try to fix the GTK bot.

        * runtime/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::markRoots): Kids, remember to initialize your data members.
        Knowing is half the battle.

2011-01-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Stephanie Lewis.

        [jsfunfuzz] We should be clearing the lexers temporary character buffers when switching to strict mode
        https://bugs.webkit.org/show_bug.cgi?id=52501

        Clear the temporary character buffers used for reading escaped characters and
        numbers.

        * parser/Lexer.h:
        (JSC::Lexer::setOffset):

2011-01-14  Geoffrey Garen  <ggaren@apple.com>

        Try to fix non-Dtrace builds: #include Tracing.h instead of TracingDtrace.h.

        * runtime/Heap.cpp:

2011-01-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Split out a MarkedSpace strategy object from Heap.
        https://bugs.webkit.org/show_bug.cgi?id=52421
        
        SunSpider reports no change.

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj: Updated our 7 build systems. Which is cool.

        * runtime/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::destroy):
        (JSC::Heap::recordExtraCost):
        (JSC::Heap::allocate):
        (JSC::Heap::markConservatively):
        (JSC::Heap::markRoots):
        (JSC::Heap::objectCount):
        (JSC::Heap::statistics):
        (JSC::Heap::size):
        (JSC::Heap::isBusy):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::primaryHeapBegin):
        (JSC::Heap::primaryHeapEnd):
        * runtime/Heap.h:
        (JSC::Heap::globalData):
        (JSC::Heap::markedSpace):
        (JSC::Heap::isCellMarked):
        (JSC::Heap::checkMarkCell):
        (JSC::Heap::markCell): Moved all code pertaining to managing chunks of
        collector memory out of this class. Heap now just delegates to MarkedSpace.

        * runtime/JSCell.h:
        (JSC::JSCell::Heap::heap): Updated for MarkedSpace delegation.

        * runtime/JSValue.h: Moved the ValueStringPair typedef to help with #includes.

        * runtime/MarkedSpace.cpp: Copied from runtime/Heap.cpp.
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::destroy):
        (JSC::MarkedSpace::allocateBlock):
        (JSC::MarkedSpace::freeBlock):
        (JSC::MarkedSpace::allocate):
        (JSC::MarkedSpace::resizeBlocks):
        (JSC::MarkedSpace::growBlocks):
        (JSC::MarkedSpace::shrinkBlocks):
        (JSC::MarkedSpace::markConservatively):
        (JSC::MarkedSpace::clearMarkBits):
        (JSC::MarkedSpace::markedCells):
        (JSC::MarkedSpace::sweep):
        (JSC::MarkedSpace::objectCount):
        (JSC::MarkedSpace::addToStatistics):
        (JSC::MarkedSpace::statistics):
        (JSC::MarkedSpace::size):
        (JSC::MarkedSpace::reset):
        (JSC::MarkedSpace::primaryHeapBegin):
        (JSC::MarkedSpace::primaryHeapEnd):
        * runtime/MarkedSpace.h: Copied from runtime/Heap.h.
        (JSC::MarkedSpace::globalData):
        (JSC::MarkedSpace::didShrink):
        (JSC::MarkedSpace::cellBlock):
        (JSC::MarkedSpace::cellOffset):
        (JSC::MarkedSpace::isCellMarked):
        (JSC::MarkedSpace::checkMarkCell):
        (JSC::MarkedSpace::markCell): Moved all code pertaining to managing chunks of
        collector memory into this class.

        * runtime/MemoryStatistics.cpp:
        (JSC::heapStatistics):
        * runtime/MemoryStatistics.h: Updated for MarkedSpace delegation.

2011-01-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        [jsfunfuzz] parser doesn't enforce continue restrictions correctly.
        https://bugs.webkit.org/show_bug.cgi?id=52493

        This patch reworks handling of break, continue and label statements
        to correctly handle all the valid and invalid cases.  Previously certain
        errors would be missed by the parser in strict mode, but the bytecode 
        generator needed to handle those cases for non-strict code so nothing
        failed, it simply became non-standard behaviour.