Move unsafe jsc shell test functions to the $vm object.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 24 Nov 2017 10:58:16 +0000 (10:58 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 24 Nov 2017 10:58:16 +0000 (10:58 +0000)
https://bugs.webkit.org/show_bug.cgi?id=179980

Reviewed by Yusuke Suzuki.

JSTests:

* controlFlowProfiler/driver/driver.js:
* controlFlowProfiler/execution-count.js:
* controlFlowProfiler/if-statement.js:
* controlFlowProfiler/loop-statements.js:
* controlFlowProfiler/switch-statements.js:
* controlFlowProfiler/test-jit.js:
* exceptionFuzz/3d-cube.js:
* exceptionFuzz/date-format-xparb.js:
* exceptionFuzz/earley-boyer.js:
* heapProfiler/basic-edges.js:
* heapProfiler/property-edge-types.js:
* microbenchmarks/try-get-by-id-basic.js:
* microbenchmarks/try-get-by-id-polymorphic.js:
* modules/namespace-object-try-get.js:
* stress/argument-count-bytecode.js:
* stress/argument-intrinsic-basic.js:
* stress/argument-intrinsic-inlining-use-caller-arg.js:
* stress/argument-intrinsic-inlining-with-result-escape.js:
* stress/argument-intrinsic-inlining-with-vararg-with-enough-arguments.js:
* stress/argument-intrinsic-inlining-with-vararg.js:
* stress/argument-intrinsic-nested-inlining.js:
* stress/argument-intrinsic-not-convert-to-get-argument.js:
* stress/argument-intrinsic-with-stack-write.js:
* stress/arity-mismatch-get-argument.js:
* stress/array-message-passing.js:
* stress/array-push-with-force-exit.js:
* stress/check-dom-with-signature.js:
* stress/check-sub-class.js:
* stress/compare-eq-incomplete-profile.js:
* stress/custom-get-set-inline-caching-one-level-up-proto-chain.js:
* stress/do-eval-virtual-call-correctly.js:
* stress/dom-jit-with-poly-proto.js:
* stress/domjit-exception-ic.js:
* stress/domjit-exception.js:
* stress/domjit-getter-complex-with-incorrect-object.js:
* stress/domjit-getter-complex.js:
* stress/domjit-getter-poly.js:
* stress/domjit-getter-proto.js:
* stress/domjit-getter-super-poly.js:
* stress/domjit-getter-try-catch-getter-as-get-by-id-register-restoration.js:
* stress/domjit-getter-type-check.js:
* stress/domjit-getter.js:
* stress/exit-during-inlined-arity-fixup-recover-proper-frame.js:
* stress/for-in-proxy-target-changed-structure.js:
* stress/for-in-proxy.js:
* stress/generational-opaque-roots.js:
* stress/global-const-redeclaration-setting-2.js:
* stress/global-const-redeclaration-setting-3.js:
* stress/global-const-redeclaration-setting-4.js:
* stress/global-const-redeclaration-setting-5.js:
* stress/global-const-redeclaration-setting.js:
* stress/import-basic.js:
* stress/import-from-eval.js:
* stress/import-reject-with-exception.js:
* stress/import-syntax.js:
* stress/impure-get-own-property-slot-inline-cache.js:
* stress/is-constructor.js:
* stress/istypedarrayview-intrinsic.js:
* stress/jsc-setImpureGetterDelegate-on-bad-type.js:
* stress/jsc-test-functions-should-be-more-robust.js:
* stress/object-toString-with-proxy.js:
* stress/poly-proto-custom-value-and-accessor.js:
* stress/proxy-inline-cache.js:
* stress/re-execute-error-module.js:
* stress/regress-150532.js:
* stress/regress-156992.js:
* stress/regress-179619.js:
* stress/resources/shadow-chicken-support.js:
* stress/runtime-array.js:
* stress/sampling-profiler-microtasks.js:
* stress/shadow-chicken-enabled.js:
* stress/spread-correct-global-object-on-exception.js:
* stress/super-get-by-id.js:
* stress/tailCallForwardArguments.js:
* stress/to-object-intrinsic-boolean-edge.js:
* stress/to-object-intrinsic-null-or-undefined-edge.js:
* stress/to-object-intrinsic-number-edge.js:
* stress/to-object-intrinsic-object-edge.js:
* stress/to-object-intrinsic-string-edge.js:
* stress/to-object-intrinsic-symbol-edge.js:
* stress/to-object-intrinsic.js:
* stress/try-catch-custom-getter-as-get-by-id.js:
* stress/try-get-by-id-poly-proto.js:
* stress/try-get-by-id-should-spill-registers-dfg.js:
* stress/try-get-by-id.js:
* typeProfiler/arrow-functions.js:
* typeProfiler/basic.js:
* typeProfiler/captured.js:
* typeProfiler/classes.js:
* typeProfiler/dfg-jit-optimizations.js:
* typeProfiler/dictionary-mode.js:
* typeProfiler/es6-block-scoping.js:
* typeProfiler/es6-classes.js:
* typeProfiler/inheritance.js:
* typeProfiler/int52-dfg.js:
* typeProfiler/loop.js:
* typeProfiler/optional-fields.js:
* typeProfiler/overflow.js:
* typeProfiler/return.js:
* typeProfiler/symbol.js:
* typeProfiler/weird-prototype-chain.js:

Source/JavaScriptCore:

Also removed setElementRoot() which was not used.

* jsc.cpp:
(GlobalObject::finishCreation):
(WTF::Element::Element): Deleted.
(WTF::Element::root const): Deleted.
(WTF::Element::setRoot): Deleted.
(WTF::Element::create): Deleted.
(WTF::Element::visitChildren): Deleted.
(WTF::Element::createStructure): Deleted.
(WTF::Root::Root): Deleted.
(WTF::Root::element): Deleted.
(WTF::Root::setElement): Deleted.
(WTF::Root::create): Deleted.
(WTF::Root::createStructure): Deleted.
(WTF::Root::visitChildren): Deleted.
(WTF::ImpureGetter::ImpureGetter): Deleted.
(WTF::ImpureGetter::createStructure): Deleted.
(WTF::ImpureGetter::create): Deleted.
(WTF::ImpureGetter::finishCreation): Deleted.
(WTF::ImpureGetter::getOwnPropertySlot): Deleted.
(WTF::ImpureGetter::visitChildren): Deleted.
(WTF::ImpureGetter::setDelegate): Deleted.
(WTF::CustomGetter::CustomGetter): Deleted.
(WTF::CustomGetter::createStructure): Deleted.
(WTF::CustomGetter::create): Deleted.
(WTF::CustomGetter::getOwnPropertySlot): Deleted.
(WTF::CustomGetter::customGetter): Deleted.
(WTF::CustomGetter::customGetterAcessor): Deleted.
(WTF::RuntimeArray::create): Deleted.
(WTF::RuntimeArray::~RuntimeArray): Deleted.
(WTF::RuntimeArray::destroy): Deleted.
(WTF::RuntimeArray::getOwnPropertySlot): Deleted.
(WTF::RuntimeArray::getOwnPropertySlotByIndex): Deleted.
(WTF::RuntimeArray::put): Deleted.
(WTF::RuntimeArray::deleteProperty): Deleted.
(WTF::RuntimeArray::getLength const): Deleted.
(WTF::RuntimeArray::createPrototype): Deleted.
(WTF::RuntimeArray::createStructure): Deleted.
(WTF::RuntimeArray::finishCreation): Deleted.
(WTF::RuntimeArray::RuntimeArray): Deleted.
(WTF::RuntimeArray::lengthGetter): Deleted.
(WTF::SimpleObject::SimpleObject): Deleted.
(WTF::SimpleObject::create): Deleted.
(WTF::SimpleObject::visitChildren): Deleted.
(WTF::SimpleObject::createStructure): Deleted.
(WTF::SimpleObject::hiddenValue): Deleted.
(WTF::SimpleObject::setHiddenValue): Deleted.
(WTF::DOMJITNode::DOMJITNode): Deleted.
(WTF::DOMJITNode::createStructure): Deleted.
(WTF::DOMJITNode::checkSubClassSnippet): Deleted.
(WTF::DOMJITNode::create): Deleted.
(WTF::DOMJITNode::value const): Deleted.
(WTF::DOMJITNode::offsetOfValue): Deleted.
(WTF::DOMJITGetter::DOMJITGetter): Deleted.
(WTF::DOMJITGetter::createStructure): Deleted.
(WTF::DOMJITGetter::create): Deleted.
(WTF::DOMJITGetter::DOMJITAttribute::DOMJITAttribute): Deleted.
(WTF::DOMJITGetter::DOMJITAttribute::slowCall): Deleted.
(WTF::DOMJITGetter::DOMJITAttribute::callDOMGetter): Deleted.
(WTF::DOMJITGetter::customGetter): Deleted.
(WTF::DOMJITGetter::finishCreation): Deleted.
(WTF::DOMJITGetterComplex::DOMJITGetterComplex): Deleted.
(WTF::DOMJITGetterComplex::createStructure): Deleted.
(WTF::DOMJITGetterComplex::create): Deleted.
(WTF::DOMJITGetterComplex::DOMJITAttribute::DOMJITAttribute): Deleted.
(WTF::DOMJITGetterComplex::DOMJITAttribute::slowCall): Deleted.
(WTF::DOMJITGetterComplex::DOMJITAttribute::callDOMGetter): Deleted.
(WTF::DOMJITGetterComplex::functionEnableException): Deleted.
(WTF::DOMJITGetterComplex::customGetter): Deleted.
(WTF::DOMJITGetterComplex::finishCreation): Deleted.
(WTF::DOMJITFunctionObject::DOMJITFunctionObject): Deleted.
(WTF::DOMJITFunctionObject::createStructure): Deleted.
(WTF::DOMJITFunctionObject::create): Deleted.
(WTF::DOMJITFunctionObject::safeFunction): Deleted.
(WTF::DOMJITFunctionObject::unsafeFunction): Deleted.
(WTF::DOMJITFunctionObject::checkSubClassSnippet): Deleted.
(WTF::DOMJITFunctionObject::finishCreation): Deleted.
(WTF::DOMJITCheckSubClassObject::DOMJITCheckSubClassObject): Deleted.
(WTF::DOMJITCheckSubClassObject::createStructure): Deleted.
(WTF::DOMJITCheckSubClassObject::create): Deleted.
(WTF::DOMJITCheckSubClassObject::safeFunction): Deleted.
(WTF::DOMJITCheckSubClassObject::unsafeFunction): Deleted.
(WTF::DOMJITCheckSubClassObject::finishCreation): Deleted.
(WTF::DOMJITGetterBaseJSObject::DOMJITGetterBaseJSObject): Deleted.
(WTF::DOMJITGetterBaseJSObject::createStructure): Deleted.
(WTF::DOMJITGetterBaseJSObject::create): Deleted.
(WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::DOMJITAttribute): Deleted.
(WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::slowCall): Deleted.
(WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::callDOMGetter): Deleted.
(WTF::DOMJITGetterBaseJSObject::customGetter): Deleted.
(WTF::DOMJITGetterBaseJSObject::finishCreation): Deleted.
(WTF::Element::handleOwner): Deleted.
(WTF::Element::finishCreation): Deleted.
(JSTestCustomGetterSetter::JSTestCustomGetterSetter): Deleted.
(JSTestCustomGetterSetter::create): Deleted.
(JSTestCustomGetterSetter::createStructure): Deleted.
(customGetAccessor): Deleted.
(customGetValue): Deleted.
(customSetAccessor): Deleted.
(customSetValue): Deleted.
(JSTestCustomGetterSetter::finishCreation): Deleted.
(GlobalObject::addConstructableFunction): Deleted.
(functionCreateRoot): Deleted.
(functionCreateElement): Deleted.
(functionGetElement): Deleted.
(functionSetElementRoot): Deleted.
(functionCreateSimpleObject): Deleted.
(functionGetHiddenValue): Deleted.
(functionSetHiddenValue): Deleted.
(functionCreateProxy): Deleted.
(functionCreateRuntimeArray): Deleted.
(functionCreateImpureGetter): Deleted.
(functionCreateCustomGetterObject): Deleted.
(functionCreateDOMJITNodeObject): Deleted.
(functionCreateDOMJITGetterObject): Deleted.
(functionCreateDOMJITGetterComplexObject): Deleted.
(functionCreateDOMJITFunctionObject): Deleted.
(functionCreateDOMJITCheckSubClassObject): Deleted.
(functionCreateDOMJITGetterBaseJSObject): Deleted.
(functionSetImpureGetterDelegate): Deleted.
(functionGetGetterSetter): Deleted.
(functionShadowChickenFunctionsOnStack): Deleted.
(functionSetGlobalConstRedeclarationShouldNotThrow): Deleted.
(functionGlobalObjectForObject): Deleted.
(functionLoadGetterFromGetterSetter): Deleted.
(functionCreateCustomTestGetterSetter): Deleted.
(functionAbort): Deleted.
(functionFindTypeForExpression): Deleted.
(functionReturnTypeFor): Deleted.
(functionDumpBasicBlockExecutionRanges): Deleted.
(functionHasBasicBlockExecuted): Deleted.
(functionBasicBlockExecutionCount): Deleted.
(functionEnableExceptionFuzz): Deleted.
(functionCreateBuiltin): Deleted.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* tools/JSDollarVM.cpp:
(WTF::Element::Element):
(WTF::Element::root const):
(WTF::Element::setRoot):
(WTF::Element::create):
(WTF::Element::visitChildren):
(WTF::Element::createStructure):
(WTF::Root::Root):
(WTF::Root::element):
(WTF::Root::setElement):
(WTF::Root::create):
(WTF::Root::createStructure):
(WTF::Root::visitChildren):
(WTF::SimpleObject::SimpleObject):
(WTF::SimpleObject::create):
(WTF::SimpleObject::visitChildren):
(WTF::SimpleObject::createStructure):
(WTF::SimpleObject::hiddenValue):
(WTF::SimpleObject::setHiddenValue):
(WTF::ImpureGetter::ImpureGetter):
(WTF::ImpureGetter::createStructure):
(WTF::ImpureGetter::create):
(WTF::ImpureGetter::finishCreation):
(WTF::ImpureGetter::getOwnPropertySlot):
(WTF::ImpureGetter::visitChildren):
(WTF::ImpureGetter::setDelegate):
(WTF::CustomGetter::CustomGetter):
(WTF::CustomGetter::createStructure):
(WTF::CustomGetter::create):
(WTF::CustomGetter::getOwnPropertySlot):
(WTF::CustomGetter::customGetter):
(WTF::CustomGetter::customGetterAcessor):
(WTF::RuntimeArray::create):
(WTF::RuntimeArray::~RuntimeArray):
(WTF::RuntimeArray::destroy):
(WTF::RuntimeArray::getOwnPropertySlot):
(WTF::RuntimeArray::getOwnPropertySlotByIndex):
(WTF::RuntimeArray::put):
(WTF::RuntimeArray::deleteProperty):
(WTF::RuntimeArray::getLength const):
(WTF::RuntimeArray::createPrototype):
(WTF::RuntimeArray::createStructure):
(WTF::RuntimeArray::finishCreation):
(WTF::RuntimeArray::RuntimeArray):
(WTF::RuntimeArray::lengthGetter):
(WTF::DOMJITNode::DOMJITNode):
(WTF::DOMJITNode::createStructure):
(WTF::DOMJITNode::checkSubClassSnippet):
(WTF::DOMJITNode::create):
(WTF::DOMJITNode::value const):
(WTF::DOMJITNode::offsetOfValue):
(WTF::DOMJITGetter::DOMJITGetter):
(WTF::DOMJITGetter::createStructure):
(WTF::DOMJITGetter::create):
(WTF::DOMJITGetter::DOMJITAttribute::DOMJITAttribute):
(WTF::DOMJITGetter::DOMJITAttribute::slowCall):
(WTF::DOMJITGetter::DOMJITAttribute::callDOMGetter):
(WTF::DOMJITGetter::customGetter):
(WTF::DOMJITGetter::finishCreation):
(WTF::DOMJITGetterComplex::DOMJITGetterComplex):
(WTF::DOMJITGetterComplex::createStructure):
(WTF::DOMJITGetterComplex::create):
(WTF::DOMJITGetterComplex::DOMJITAttribute::DOMJITAttribute):
(WTF::DOMJITGetterComplex::DOMJITAttribute::slowCall):
(WTF::DOMJITGetterComplex::DOMJITAttribute::callDOMGetter):
(WTF::DOMJITGetterComplex::functionEnableException):
(WTF::DOMJITGetterComplex::customGetter):
(WTF::DOMJITGetterComplex::finishCreation):
(WTF::DOMJITFunctionObject::DOMJITFunctionObject):
(WTF::DOMJITFunctionObject::createStructure):
(WTF::DOMJITFunctionObject::create):
(WTF::DOMJITFunctionObject::safeFunction):
(WTF::DOMJITFunctionObject::unsafeFunction):
(WTF::DOMJITFunctionObject::checkSubClassSnippet):
(WTF::DOMJITFunctionObject::finishCreation):
(WTF::DOMJITCheckSubClassObject::DOMJITCheckSubClassObject):
(WTF::DOMJITCheckSubClassObject::createStructure):
(WTF::DOMJITCheckSubClassObject::create):
(WTF::DOMJITCheckSubClassObject::safeFunction):
(WTF::DOMJITCheckSubClassObject::unsafeFunction):
(WTF::DOMJITCheckSubClassObject::finishCreation):
(WTF::DOMJITGetterBaseJSObject::DOMJITGetterBaseJSObject):
(WTF::DOMJITGetterBaseJSObject::createStructure):
(WTF::DOMJITGetterBaseJSObject::create):
(WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::DOMJITAttribute):
(WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::slowCall):
(WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::callDOMGetter):
(WTF::DOMJITGetterBaseJSObject::customGetter):
(WTF::DOMJITGetterBaseJSObject::finishCreation):
(WTF::Message::releaseContents):
(WTF::Message::index const):
(WTF::JSTestCustomGetterSetter::JSTestCustomGetterSetter):
(WTF::JSTestCustomGetterSetter::create):
(WTF::JSTestCustomGetterSetter::createStructure):
(WTF::customGetAccessor):
(WTF::customGetValue):
(WTF::customSetAccessor):
(WTF::customSetValue):
(WTF::JSTestCustomGetterSetter::finishCreation):
(WTF::Element::handleOwner):
(WTF::Element::finishCreation):
(JSC::functionCrash):
(JSC::functionCreateProxy):
(JSC::functionCreateRuntimeArray):
(JSC::functionCreateImpureGetter):
(JSC::functionCreateCustomGetterObject):
(JSC::functionCreateDOMJITNodeObject):
(JSC::functionCreateDOMJITGetterObject):
(JSC::functionCreateDOMJITGetterComplexObject):
(JSC::functionCreateDOMJITFunctionObject):
(JSC::functionCreateDOMJITCheckSubClassObject):
(JSC::functionCreateDOMJITGetterBaseJSObject):
(JSC::functionSetImpureGetterDelegate):
(JSC::functionCreateBuiltin):
(JSC::functionCreateRoot):
(JSC::functionCreateElement):
(JSC::functionGetElement):
(JSC::functionCreateSimpleObject):
(JSC::functionGetHiddenValue):
(JSC::functionSetHiddenValue):
(JSC::functionShadowChickenFunctionsOnStack):
(JSC::functionSetGlobalConstRedeclarationShouldNotThrow):
(JSC::functionFindTypeForExpression):
(JSC::functionReturnTypeFor):
(JSC::functionDumpBasicBlockExecutionRanges):
(JSC::functionHasBasicBlockExecuted):
(JSC::functionBasicBlockExecutionCount):
(JSC::functionEnableExceptionFuzz):
(JSC::functionGlobalObjectForObject):
(JSC::functionGetGetterSetter):
(JSC::functionLoadGetterFromGetterSetter):
(JSC::functionCreateCustomTestGetterSetter):
(JSC::JSDollarVM::finishCreation):
(JSC::JSDollarVM::addFunction):
(JSC::JSDollarVM::addConstructibleFunction):
* tools/JSDollarVM.h:
(JSC::JSDollarVM::create):

Tools:

Always set --useDollarVM=true for jsc runs of benchmarks.  This is needed because
some microbenchmarks relies on createBuiltin().

Also set --useDollarVM=true for runExceptionFuzz and runExecutableAllocationFuzz.

* Scripts/run-jsc-benchmarks:
* Scripts/run-jsc-stress-tests:

LayoutTests:

* js/script-tests/stack-trace.js:
* js/stack-trace-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@225129 268f45cc-cd09-0410-ab3c-d52691b4dbfc

113 files changed:
JSTests/ChangeLog
JSTests/controlFlowProfiler/driver/driver.js
JSTests/controlFlowProfiler/execution-count.js
JSTests/controlFlowProfiler/if-statement.js
JSTests/controlFlowProfiler/loop-statements.js
JSTests/controlFlowProfiler/switch-statements.js
JSTests/controlFlowProfiler/test-jit.js
JSTests/exceptionFuzz/3d-cube.js
JSTests/exceptionFuzz/date-format-xparb.js
JSTests/exceptionFuzz/earley-boyer.js
JSTests/heapProfiler/basic-edges.js
JSTests/heapProfiler/property-edge-types.js
JSTests/microbenchmarks/try-get-by-id-basic.js
JSTests/microbenchmarks/try-get-by-id-polymorphic.js
JSTests/modules/namespace-object-try-get.js
JSTests/stress/argument-count-bytecode.js
JSTests/stress/argument-intrinsic-basic.js
JSTests/stress/argument-intrinsic-inlining-use-caller-arg.js
JSTests/stress/argument-intrinsic-inlining-with-result-escape.js
JSTests/stress/argument-intrinsic-inlining-with-vararg-with-enough-arguments.js
JSTests/stress/argument-intrinsic-inlining-with-vararg.js
JSTests/stress/argument-intrinsic-nested-inlining.js
JSTests/stress/argument-intrinsic-not-convert-to-get-argument.js
JSTests/stress/argument-intrinsic-with-stack-write.js
JSTests/stress/arity-mismatch-get-argument.js
JSTests/stress/array-message-passing.js
JSTests/stress/array-push-with-force-exit.js
JSTests/stress/check-dom-with-signature.js
JSTests/stress/check-sub-class.js
JSTests/stress/compare-eq-incomplete-profile.js
JSTests/stress/custom-get-set-inline-caching-one-level-up-proto-chain.js
JSTests/stress/do-eval-virtual-call-correctly.js
JSTests/stress/dom-jit-with-poly-proto.js
JSTests/stress/domjit-exception-ic.js
JSTests/stress/domjit-exception.js
JSTests/stress/domjit-getter-complex-with-incorrect-object.js
JSTests/stress/domjit-getter-complex.js
JSTests/stress/domjit-getter-poly.js
JSTests/stress/domjit-getter-proto.js
JSTests/stress/domjit-getter-super-poly.js
JSTests/stress/domjit-getter-try-catch-getter-as-get-by-id-register-restoration.js
JSTests/stress/domjit-getter-type-check.js
JSTests/stress/domjit-getter.js
JSTests/stress/exit-during-inlined-arity-fixup-recover-proper-frame.js
JSTests/stress/for-in-proxy-target-changed-structure.js
JSTests/stress/for-in-proxy.js
JSTests/stress/generational-opaque-roots.js
JSTests/stress/global-const-redeclaration-setting-2.js
JSTests/stress/global-const-redeclaration-setting-3.js
JSTests/stress/global-const-redeclaration-setting-4.js
JSTests/stress/global-const-redeclaration-setting-5.js
JSTests/stress/global-const-redeclaration-setting.js
JSTests/stress/import-basic.js
JSTests/stress/import-from-eval.js
JSTests/stress/import-reject-with-exception.js
JSTests/stress/import-syntax.js
JSTests/stress/impure-get-own-property-slot-inline-cache.js
JSTests/stress/is-constructor.js
JSTests/stress/istypedarrayview-intrinsic.js
JSTests/stress/jsc-setImpureGetterDelegate-on-bad-type.js
JSTests/stress/jsc-test-functions-should-be-more-robust.js
JSTests/stress/object-toString-with-proxy.js
JSTests/stress/poly-proto-custom-value-and-accessor.js
JSTests/stress/proxy-inline-cache.js
JSTests/stress/re-execute-error-module.js
JSTests/stress/regress-150532.js
JSTests/stress/regress-156992.js
JSTests/stress/regress-179619.js
JSTests/stress/resources/shadow-chicken-support.js
JSTests/stress/runtime-array.js
JSTests/stress/sampling-profiler-microtasks.js
JSTests/stress/shadow-chicken-enabled.js
JSTests/stress/spread-correct-global-object-on-exception.js
JSTests/stress/super-get-by-id.js
JSTests/stress/tailCallForwardArguments.js
JSTests/stress/to-object-intrinsic-boolean-edge.js
JSTests/stress/to-object-intrinsic-null-or-undefined-edge.js
JSTests/stress/to-object-intrinsic-number-edge.js
JSTests/stress/to-object-intrinsic-object-edge.js
JSTests/stress/to-object-intrinsic-string-edge.js
JSTests/stress/to-object-intrinsic-symbol-edge.js
JSTests/stress/to-object-intrinsic.js
JSTests/stress/try-catch-custom-getter-as-get-by-id.js
JSTests/stress/try-get-by-id-poly-proto.js
JSTests/stress/try-get-by-id-should-spill-registers-dfg.js
JSTests/stress/try-get-by-id.js
JSTests/typeProfiler/arrow-functions.js
JSTests/typeProfiler/basic.js
JSTests/typeProfiler/captured.js
JSTests/typeProfiler/classes.js
JSTests/typeProfiler/dfg-jit-optimizations.js
JSTests/typeProfiler/dictionary-mode.js
JSTests/typeProfiler/es6-block-scoping.js
JSTests/typeProfiler/es6-classes.js
JSTests/typeProfiler/inheritance.js
JSTests/typeProfiler/int52-dfg.js
JSTests/typeProfiler/loop.js
JSTests/typeProfiler/optional-fields.js
JSTests/typeProfiler/overflow.js
JSTests/typeProfiler/return.js
JSTests/typeProfiler/symbol.js
JSTests/typeProfiler/weird-prototype-chain.js
LayoutTests/ChangeLog
LayoutTests/js/script-tests/stack-trace.js
LayoutTests/js/stack-trace-expected.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jsc.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/tools/JSDollarVM.cpp
Source/JavaScriptCore/tools/JSDollarVM.h
Tools/ChangeLog
Tools/Scripts/run-jsc-benchmarks
Tools/Scripts/run-jsc-stress-tests

index e636656..07493ad 100644 (file)
@@ -1,3 +1,112 @@
+2017-11-24  Mark Lam  <mark.lam@apple.com>
+
+        Move unsafe jsc shell test functions to the $vm object.
+        https://bugs.webkit.org/show_bug.cgi?id=179980
+
+        Reviewed by Yusuke Suzuki.
+
+        * controlFlowProfiler/driver/driver.js:
+        * controlFlowProfiler/execution-count.js:
+        * controlFlowProfiler/if-statement.js:
+        * controlFlowProfiler/loop-statements.js:
+        * controlFlowProfiler/switch-statements.js:
+        * controlFlowProfiler/test-jit.js:
+        * exceptionFuzz/3d-cube.js:
+        * exceptionFuzz/date-format-xparb.js:
+        * exceptionFuzz/earley-boyer.js:
+        * heapProfiler/basic-edges.js:
+        * heapProfiler/property-edge-types.js:
+        * microbenchmarks/try-get-by-id-basic.js:
+        * microbenchmarks/try-get-by-id-polymorphic.js:
+        * modules/namespace-object-try-get.js:
+        * stress/argument-count-bytecode.js:
+        * stress/argument-intrinsic-basic.js:
+        * stress/argument-intrinsic-inlining-use-caller-arg.js:
+        * stress/argument-intrinsic-inlining-with-result-escape.js:
+        * stress/argument-intrinsic-inlining-with-vararg-with-enough-arguments.js:
+        * stress/argument-intrinsic-inlining-with-vararg.js:
+        * stress/argument-intrinsic-nested-inlining.js:
+        * stress/argument-intrinsic-not-convert-to-get-argument.js:
+        * stress/argument-intrinsic-with-stack-write.js:
+        * stress/arity-mismatch-get-argument.js:
+        * stress/array-message-passing.js:
+        * stress/array-push-with-force-exit.js:
+        * stress/check-dom-with-signature.js:
+        * stress/check-sub-class.js:
+        * stress/compare-eq-incomplete-profile.js:
+        * stress/custom-get-set-inline-caching-one-level-up-proto-chain.js:
+        * stress/do-eval-virtual-call-correctly.js:
+        * stress/dom-jit-with-poly-proto.js:
+        * stress/domjit-exception-ic.js:
+        * stress/domjit-exception.js:
+        * stress/domjit-getter-complex-with-incorrect-object.js:
+        * stress/domjit-getter-complex.js:
+        * stress/domjit-getter-poly.js:
+        * stress/domjit-getter-proto.js:
+        * stress/domjit-getter-super-poly.js:
+        * stress/domjit-getter-try-catch-getter-as-get-by-id-register-restoration.js:
+        * stress/domjit-getter-type-check.js:
+        * stress/domjit-getter.js:
+        * stress/exit-during-inlined-arity-fixup-recover-proper-frame.js:
+        * stress/for-in-proxy-target-changed-structure.js:
+        * stress/for-in-proxy.js:
+        * stress/generational-opaque-roots.js:
+        * stress/global-const-redeclaration-setting-2.js:
+        * stress/global-const-redeclaration-setting-3.js:
+        * stress/global-const-redeclaration-setting-4.js:
+        * stress/global-const-redeclaration-setting-5.js:
+        * stress/global-const-redeclaration-setting.js:
+        * stress/import-basic.js:
+        * stress/import-from-eval.js:
+        * stress/import-reject-with-exception.js:
+        * stress/import-syntax.js:
+        * stress/impure-get-own-property-slot-inline-cache.js:
+        * stress/is-constructor.js:
+        * stress/istypedarrayview-intrinsic.js:
+        * stress/jsc-setImpureGetterDelegate-on-bad-type.js:
+        * stress/jsc-test-functions-should-be-more-robust.js:
+        * stress/object-toString-with-proxy.js:
+        * stress/poly-proto-custom-value-and-accessor.js:
+        * stress/proxy-inline-cache.js:
+        * stress/re-execute-error-module.js:
+        * stress/regress-150532.js:
+        * stress/regress-156992.js:
+        * stress/regress-179619.js:
+        * stress/resources/shadow-chicken-support.js:
+        * stress/runtime-array.js:
+        * stress/sampling-profiler-microtasks.js:
+        * stress/shadow-chicken-enabled.js:
+        * stress/spread-correct-global-object-on-exception.js:
+        * stress/super-get-by-id.js:
+        * stress/tailCallForwardArguments.js:
+        * stress/to-object-intrinsic-boolean-edge.js:
+        * stress/to-object-intrinsic-null-or-undefined-edge.js:
+        * stress/to-object-intrinsic-number-edge.js:
+        * stress/to-object-intrinsic-object-edge.js:
+        * stress/to-object-intrinsic-string-edge.js:
+        * stress/to-object-intrinsic-symbol-edge.js:
+        * stress/to-object-intrinsic.js:
+        * stress/try-catch-custom-getter-as-get-by-id.js:
+        * stress/try-get-by-id-poly-proto.js:
+        * stress/try-get-by-id-should-spill-registers-dfg.js:
+        * stress/try-get-by-id.js:
+        * typeProfiler/arrow-functions.js:
+        * typeProfiler/basic.js:
+        * typeProfiler/captured.js:
+        * typeProfiler/classes.js:
+        * typeProfiler/dfg-jit-optimizations.js:
+        * typeProfiler/dictionary-mode.js:
+        * typeProfiler/es6-block-scoping.js:
+        * typeProfiler/es6-classes.js:
+        * typeProfiler/inheritance.js:
+        * typeProfiler/int52-dfg.js:
+        * typeProfiler/loop.js:
+        * typeProfiler/optional-fields.js:
+        * typeProfiler/overflow.js:
+        * typeProfiler/return.js:
+        * typeProfiler/symbol.js:
+        * typeProfiler/weird-prototype-chain.js:
+
 2017-11-21  Yusuke Suzuki  <utatane.tea@gmail.com>
 
         [DFG][FTL] Support MapSet / SetAdd intrinsics
index 7a71779..d0f93ef 100644 (file)
@@ -1,3 +1,5 @@
+var hasBasicBlockExecuted = $vm.hasBasicBlockExecuted;
+
 function assert(condition, reason) {
     if (!condition)
         throw new Error(reason);
index 35982f4..6fe1886 100644 (file)
@@ -1,3 +1,5 @@
+var basicBlockExecutionCount = $vm.basicBlockExecutionCount;
+
 load("./driver/driver.js");
 
 function noop() { ; }
index f31f719..2600f63 100644 (file)
@@ -1,3 +1,5 @@
+var hasBasicBlockExecuted = $vm.hasBasicBlockExecuted;
+
 load("./driver/driver.js");
 
 var a, b, c, d;
index a2cdc3d..7a6265b 100644 (file)
@@ -1,3 +1,5 @@
+var hasBasicBlockExecuted = $vm.hasBasicBlockExecuted;
+
 load("./driver/driver.js");
 
 function forRegular(limit) {
index edcfbbf..fd8e6bf 100644 (file)
@@ -1,3 +1,5 @@
+var hasBasicBlockExecuted = $vm.hasBasicBlockExecuted;
+
 load("./driver/driver.js");
 
 var a, b, c;
index b0f3c19..732caa5 100644 (file)
@@ -1,3 +1,5 @@
+var hasBasicBlockExecuted = $vm.hasBasicBlockExecuted;
+
 load("./driver/driver.js");
 
 function tierUpToBaseline(func, arg) 
index 76592f2..a79a876 100644 (file)
@@ -1,3 +1,5 @@
+var enableExceptionFuzz = $vm.enableExceptionFuzz;
+
 try {
 
 // 3D Cube Rotation
index 4050729..f2d2a17 100644 (file)
@@ -1,3 +1,5 @@
+var enableExceptionFuzz = $vm.enableExceptionFuzz;
+
 try {
 
 /*
index 7579df4..8a11761 100644 (file)
@@ -1,3 +1,5 @@
+var enableExceptionFuzz = $vm.enableExceptionFuzz;
+
 try {
 // This file is automatically generated by scheme2js, except for the
 // benchmark harness code at the beginning and end of the file.
index 985b7a2..aacf5bc 100644 (file)
@@ -1,3 +1,6 @@
+var SimpleObject = $vm.SimpleObject;
+var setHiddenValue = $vm.setHiddenValue;
+
 load("./driver/driver.js");
 
 function excludeStructure(edges) {
index a9baf46..c40c170 100644 (file)
@@ -1,3 +1,6 @@
+var SimpleObject = $vm.SimpleObject;
+var setHiddenValue = $vm.setHiddenValue;
+
 load("./driver/driver.js");
 
 let simpleObject = new SimpleObject;
index 1362457..1bdbcaf 100644 (file)
@@ -1,5 +1,7 @@
 // Test tryGetById's value profiling feedback without going too polymorphic.
 
+var createBuiltin = $vm.createBuiltin;
+
 var it = 1e5;
 
 const check = (got, expect) => { if (got != expect) throw "Error: bad result got " + got + " expected " + expect; };
index 7624984..7bb7874 100644 (file)
@@ -1,5 +1,7 @@
 // Test tryGetById's value profiling feedback after it's too polymorphic.
 
+var createBuiltin = $vm.createBuiltin;
+
 var it = 1e5;
 
 const check = (got, expect) => { if (got != expect) throw "Error: bad result got " + got + " expected " + expect; };
index 8b7ce69..84fd161 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 import { shouldBe } from "./resources/assert.js";
 import * as ns from "./namespace-object-try-get.js"
 
index b19b82f..59a1385 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 count = createBuiltin("(function () { return @argumentCount(); })");
 countNoInline = createBuiltin("(function () { return @argumentCount(); })");
 noInline(countNoInline);
index c0a18b6..27e5a78 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index f431b3a..5e8419a 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 07f4ab7..21e3a45 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 95f6249..7c23c20 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 1c90d99..f69f4e5 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 1c86563..071691c 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 63c0007..5cee5e2 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 01140ad..688c687 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 3241abd..3b746e3 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected)
 {
     if (actual !== expected)
index d8a5b8d..92ae694 100644 (file)
@@ -1,6 +1,8 @@
 // This test was originally for message passing of typed arrays. But it turns out that it is a good
 // stress of JSC inline caches as well. So, this is a DOMless version of the test.
 
+var abort = $vm.abort;
+
 var window;
 
 (function() {
index 0a58aa2..e4363ac 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 var target = createBuiltin(`(function(array)
 {
     if (array) {
index d522f54..26dac7a 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITFunctionObject = $vm.createDOMJITFunctionObject;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index a9836fe..4b4b1d4 100644 (file)
@@ -1,3 +1,6 @@
+var createDOMJITNodeObject = $vm.createDOMJITNodeObject;
+var createDOMJITCheckSubClassObject = $vm.createDOMJITCheckSubClassObject;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 86fdd5f..48442da 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 const test = createBuiltin(`(function (arg) {
     let other = @undefined;
     @idWithProfile(other, "SpecObject");
index da6900c..11283a2 100644 (file)
@@ -1,3 +1,5 @@
+var createCustomTestGetterSetter = $vm.createCustomTestGetterSetter;
+
 function assert(b, m) {
     if (!b)
         throw new Error("Bad:" + m);
index d70cbac..ecc12fb 100644 (file)
@@ -1,3 +1,5 @@
+var abort = $vm.abort;
+
 function assert(b) {
     if (!b) {
         abort(); 
index 339f80e..b8ee62f 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITGetterBaseJSObject =  $vm.createDOMJITGetterBaseJSObject;
+
 function assert(b, m) {
     if (!b)
         throw new Error("Bad:" + m);
index 828a225..9022bd3 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITGetterComplexObject = $vm.createDOMJITGetterComplexObject;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`bad value: ${String(actual)}`);
index 09acb22..93f61c8 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITGetterComplexObject = $vm.createDOMJITGetterComplexObject;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`bad value: ${String(actual)}`);
index 9e6c5a6..1778935 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITGetterComplexObject = $vm.createDOMJITGetterComplexObject;
+
 function shouldThrow(func, errorMessage) {
     var errorThrown = false;
     var error = null;
index 195de7e..7e28aa2 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITGetterComplexObject = $vm.createDOMJITGetterComplexObject;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`bad value: ${String(actual)}`);
index ce311ef..f7d4785 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITGetterObject = $vm.createDOMJITGetterObject;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`bad value: ${String(actual)}`);
index c3ba884..cda0cc1 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITNodeObject = $vm.createDOMJITNodeObject;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`bad value: ${String(actual)}`);
index 5487dd3..b6f21dd 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITGetterObject = $vm.createDOMJITGetterObject;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`bad value: ${String(actual)}`);
index d764332..e060a92 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITGetterObject = $vm.createDOMJITGetterObject;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`bad value: ${String(actual)}`);
index 1ba2884..7da3907 100644 (file)
@@ -1,3 +1,5 @@
+var createDOMJITGetterObject = $vm.createDOMJITGetterObject;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`bad value: ${String(actual)}`);
index 44357db..81b5e27 100644 (file)
@@ -1,3 +1,5 @@
+var createProxy = $vm.createProxy;
+
 function foo(o_) {
     var o = o_;
     var result = 0;
index 0fb0258..0ea8874 100644 (file)
@@ -1,5 +1,9 @@
 // Tests that opaque roots behave correctly during young generation collections
 
+var Element = $vm.Element;
+var Root = $vm.Root;
+var getElement = $vm.getElement;
+
 try {
     // regression test for bug 160773.  This should not crash.
     new (Element.bind());
index 4331eff..fcfddf4 100644 (file)
@@ -1,3 +1,5 @@
+var setGlobalConstRedeclarationShouldNotThrow = $vm.setGlobalConstRedeclarationShouldNotThrow;
+
 function assert(b) {
     if (!b)
         throw new Error("Bad assertion.");
index c5fa470..1177cb9 100644 (file)
@@ -1,3 +1,5 @@
+var setGlobalConstRedeclarationShouldNotThrow = $vm.setGlobalConstRedeclarationShouldNotThrow;
+
 function assert(b) {
     if (!b)
         throw new Error("Bad assertion.");
index 771c0cc..d96a3d6 100644 (file)
@@ -1,3 +1,5 @@
+var setGlobalConstRedeclarationShouldNotThrow = $vm.setGlobalConstRedeclarationShouldNotThrow;
+
 function assert(b) {
     if (!b)
         throw new Error("Bad assertion.");
index af9ded4..e3ea091 100644 (file)
@@ -1,3 +1,5 @@
+var setGlobalConstRedeclarationShouldNotThrow = $vm.setGlobalConstRedeclarationShouldNotThrow;
+
 function assert(b) {
     if (!b)
         throw new Error("Bad assertion.");
index c8115a6..aed1b41 100644 (file)
@@ -1,3 +1,5 @@
+var setGlobalConstRedeclarationShouldNotThrow = $vm.setGlobalConstRedeclarationShouldNotThrow;
+
 function assert(b) {
     if (!b)
         throw new Error("Bad assertion.");
index c5d967c..d718b21 100644 (file)
@@ -1,3 +1,5 @@
+var abort = $vm.abort;
+
 (async function () {
     const { shouldBe } = await import('./import-tests/should.js');
     {
index b8e0792..5f75db0 100644 (file)
@@ -1,3 +1,5 @@
+var abort = $vm.abort;
+
 (async function () {
     const { shouldBe, shouldThrow } = await import("./import-tests/should.js");
 
index 7e97e94..8a5381a 100644 (file)
@@ -1,3 +1,5 @@
+var abort = $vm.abort;
+
 function shouldBe(actual, expected)
 {
     if (actual !== expected)
index 2b96be4..25a3fbb 100644 (file)
@@ -1,3 +1,5 @@
+var abort = $vm.abort;
+
 function testSyntaxError(script, message) {
     var error = null;
     try {
index bb376de..b1293bd 100644 (file)
@@ -1,4 +1,5 @@
-
+var createImpureGetter = $vm.createImpureGetter;
+var setImpureGetterDelegate = $vm.setImpureGetterDelegate;
 
 var ig = createImpureGetter(null);
 ig.x = 42;
index 0b8bc34..a75d3d5 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function assert(x) {
     if (!x)
         throw Error("Bad");
index 833d22c..998a8f6 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 let typedArrays = [Int8Array, Uint8Array, Uint8ClampedArray, Int16Array, Uint16Array, Int32Array, Uint32Array, Float32Array, Float64Array];
 
 function makeFn(dontInline) {
index bb5b6ac..84b5fe5 100644 (file)
@@ -1,6 +1,8 @@
 //@ runFTLNoCJIT
 // This test passes if it does not crash or trigger any assertion failures.
 
+var setImpureGetterDelegate = $vm.setImpureGetterDelegate;
+
 function shouldEqual(actual, expected) {
     if (actual != expected) {
         throw "ERROR: expect " + expected + ", actual " + actual;
index 551f5c4..3c96198 100644 (file)
@@ -1,6 +1,9 @@
 //@ runFTLNoCJIT
 // This test passes if it does not crash or trigger any assertion failures.
 
+var getHiddenValue =  $vm.getHiddenValue;
+var setHiddenValue =  $vm.setHiddenValue;
+
 function shouldEqual(actual, expected) {
     if (actual != expected) {
         throw "ERROR: expect " + expected + ", actual " + actual;
index 855ee5e..2351d6e 100644 (file)
@@ -1,3 +1,5 @@
+var createProxy = $vm.createProxy;
+
 let foo = {};
 let properties = [];
 let p = new Proxy(foo, { get:(target, property) => {
index a56c838..c3c3c40 100644 (file)
@@ -1,3 +1,5 @@
+var createCustomTestGetterSetter = $vm.createCustomTestGetterSetter;
+
 function assert(b, m) {
     if (!b)
         throw new Error("Bad:" + m);
index faeabcc..f3e9af6 100644 (file)
@@ -1,3 +1,5 @@
+var createProxy = $vm.createProxy;
+
 var niters = 100000;
 
 // proxy -> target -> x
index dfc7754..98a98ba 100644 (file)
@@ -1,3 +1,5 @@
+var abort = $vm.abort;
+
 function shouldBe(actual, expected)
 {
     if (actual !== expected)
index cc5642f..d8f6b28 100644 (file)
@@ -1,6 +1,8 @@
 // Makes sure we don't use base's tag register on 32-bit when an inline cache fails and jumps to the slow path
 // because the slow path depends on the base being present.
 
+var createCustomGetterObject = $vm.createCustomGetterObject;
+
 function assert(b) {
     if (!b)
         throw new Error("baddd");
index 79d2ba2..1ceb6d9 100644 (file)
@@ -1,5 +1,7 @@
 // Verify that DFG TryGetById nodes properly save live registers.  This test should not crash.
 
+var createBuiltin = $vm.createBuiltin;
+
 function tryMultipleGetByIds() { return '(function (base) { return @tryGetById(base, "value1") + @tryGetById(base, "value2") + @tryGetById(base, "value3"); })'; } 
 
 
index d08b148..78f1d46 100644 (file)
@@ -1,5 +1,8 @@
 //@ runDefault
 
+var createBuiltin = $vm.createBuiltin;
+var loadGetterFromGetterSetter = $vm.loadGetterFromGetterSetter;
+
 var exception;
 var getter;
 
index d842f91..d0b5584 100644 (file)
@@ -1,5 +1,7 @@
 "use strict";
 
+var shadowChickenFunctionsOnStack = $vm.shadowChickenFunctionsOnStack;
+
 function describeFunction(f)
 {
     var name;
index aee6fd7..2372750 100644 (file)
@@ -1,3 +1,5 @@
+var createRuntimeArray = $vm.createRuntimeArray;
+
 function testArrayConcat() {
     var array = createRuntimeArray(1, 2, 3);
     var result = array.concat();
index 6baeccf..ce35d16 100644 (file)
@@ -1,3 +1,5 @@
+var abort = $vm.abort;
+
 if (platformSupportsSamplingProfiler()) {
     load("./sampling-profiler/samplingProfiler.js");
 
index 93e7156..19cf73d 100644 (file)
@@ -2,6 +2,8 @@
 
 "use strict";
 
+var shadowChickenFunctionsOnStack = $vm.shadowChickenFunctionsOnStack;
+
 var verbose = false;
 
 load("resources/shadow-chicken-support.js");
index 0339dd1..dec8e71 100644 (file)
@@ -1,3 +1,5 @@
+var globalObjectForObject = $vm.globalObjectForObject;
+
 function assert(b) {
     if (!b)
         throw new Error("Bad assertion");
index 265895f..2097163 100644 (file)
@@ -1,5 +1,7 @@
 "use strict";
 
+var createCustomGetterObject = $vm.createCustomGetterObject;
+
 function assert(a) {
     if (!a)
         throw new Error("Bad!");
index fece9d6..3b60f7c 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 // This is pretty bad but I need a private name.
 var putFuncToPrivateName = createBuiltin(`(function(func) { @arrayIteratorIsDone = func })`)
 putFuncToPrivateName(function (a,b) { return b; })
index 9beb832..3f2ebb1 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index bf0960b..c2fb990 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldThrow(func, errorMessage) {
     var errorThrown = false;
     var error = null;
index 457f3e2..73b0b50 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 76e1177..7eacd17 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 054d262..738d1ba 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index ac29c62..33a13a8 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 0228d1c..3b5fb3a 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
index 80af76c..fe7d5c4 100644 (file)
@@ -1,3 +1,5 @@
+var createCustomGetterObject = $vm.createCustomGetterObject;
+
 function assert(b) {
     if (!b) throw new Error("b");
 }
index 3a2e4c2..d73ef37 100644 (file)
@@ -1,3 +1,6 @@
+var createBuiltin = $vm.createBuiltin;
+var loadGetterFromGetterSetter = $vm.loadGetterFromGetterSetter;
+
 function assert(b, m) {
     if (!b)
         throw new Error("Bad:" + m);
index 48c4559..22507c1 100644 (file)
@@ -1,3 +1,5 @@
+var createBuiltin = $vm.createBuiltin;
+
 let f = createBuiltin(`(function (arg) { 
     let r = @tryGetById(arg, "prototype");
     if (arg !== true) throw new @Error("Bad clobber of arg");
index 6b0b538..5407eec 100644 (file)
@@ -1,3 +1,6 @@
+var createBuiltin = $vm.createBuiltin;
+var getGetterSetter = $vm.getGetterSetter;
+
 function tryGetByIdText(propertyName) { return `(function (base) { return @tryGetById(base, '${propertyName}'); })`; }
 
 function tryGetByIdTextStrict(propertyName) { return `(function (base) { "use strict"; return @tryGetById(base, '${propertyName}'); })`; }
index 52e4c07..50905cf 100644 (file)
@@ -1,3 +1,6 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+var returnTypeFor = $vm.returnTypeFor;
+
 load("./driver/driver.js");
 
 let foo = (x) => x;
index 2b078ac..378e0a4 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 function wrapper() {
index 91a4aaa..6560034 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 var changeFoo;
index 7e4700b..52ac8b0 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 function wrapper() {
index b3ebd6a..7e1b1aa 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 function tierUpToDFG(func, arg) 
index c64feb9..f348d7e 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 function wrapper()
index 81a7ef2..03300f9 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 let changeFoo;
index c53aaa2..bdb74ba 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 let changeFoo;
index 176b2d7..9bc6451 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 function wrapper()
index e8da5d4..60fcefb 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 function test()
index c6c7875..2ff7e1f 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 function testForIn(x) {
index 2aa3415..222de55 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression =  $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 var func;
index 1c93980..0bf543b 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 function wrapper()
index fd57291..c10cd7e 100644 (file)
@@ -1,3 +1,5 @@
+var returnTypeFor = $vm.returnTypeFor;
+
 load("./driver/driver.js");
 
 function foo(x) { return x; }
index 0686faa..79daf64 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 function wrapper() {
index 0816e56..ac38e30 100644 (file)
@@ -1,3 +1,5 @@
+var findTypeForExpression = $vm.findTypeForExpression;
+
 load("./driver/driver.js");
 
 function wrapper() {
index 2752991..708cf8f 100644 (file)
@@ -1,3 +1,13 @@
+2017-11-24  Mark Lam  <mark.lam@apple.com>
+
+        Move unsafe jsc shell test functions to the $vm object.
+        https://bugs.webkit.org/show_bug.cgi?id=179980
+
+        Reviewed by Yusuke Suzuki.
+
+        * js/script-tests/stack-trace.js:
+        * js/stack-trace-expected.txt:
+
 2017-11-23  Antoine Quint  <graouts@apple.com>
 
         [Web Animations] Perform hardware-composited animations when possible
index 180da73..91c5bab 100644 (file)
@@ -1,3 +1,6 @@
+if (typeof Element == "undefined" && $vm)
+    Element = $vm.Element;
+
 if (!this.alert) {
     debug = print;
     description = print;
index 4868cd2..d4931f3 100644 (file)
 This test checks stack trace corectness in special cases.
 --> Stack Trace:
-    0   normalInner at stack-trace.js:84:47
-    1   normalOuter at stack-trace.js:83:37
-    2   global code at stack-trace.js:89:18
+    0   normalInner at stack-trace.js:87:47
+    1   normalOuter at stack-trace.js:86:37
+    2   global code at stack-trace.js:92:18
 
 --> Stack Trace:
-    0   inner at stack-trace.js:81:44
+    0   inner at stack-trace.js:84:44
     1    at eval code
     2   eval at [native code]
-    3   evaler at stack-trace.js:82:29
-    4   global code at stack-trace.js:92:13
+    3   evaler at stack-trace.js:85:29
+    4   global code at stack-trace.js:95:13
 
 --> Stack Trace:
-    0   inner at stack-trace.js:81:44
-    1   outer at stack-trace.js:80:34
+    0   inner at stack-trace.js:84:44
+    1   outer at stack-trace.js:83:34
     2    at eval code
     3   eval at [native code]
-    4   evaler at stack-trace.js:82:29
-    5   global code at stack-trace.js:93:13
+    4   evaler at stack-trace.js:85:29
+    5   global code at stack-trace.js:96:13
 
 --> Stack Trace:
-    0   inner at stack-trace.js:81:44
-    1   global code at stack-trace.js:96:23
+    0   inner at stack-trace.js:84:44
+    1   global code at stack-trace.js:99:23
 
 --> Stack Trace:
-    0   inner at stack-trace.js:81:44
-    1   outer at stack-trace.js:80:34
-    2   global code at stack-trace.js:97:23
+    0   inner at stack-trace.js:84:44
+    1   outer at stack-trace.js:83:34
+    2   global code at stack-trace.js:100:23
 
 --> Stack Trace:
-    0   hostThrower at stack-trace.js:78:43
-    1   global code at stack-trace.js:100:18
+    0   hostThrower at stack-trace.js:81:43
+    1   global code at stack-trace.js:103:18
 
 --> Stack Trace:
-    0   scripterInner at stack-trace.js:85:37
-    1   global code at stack-trace.js:102:20
+    0   scripterInner at stack-trace.js:88:37
+    1   global code at stack-trace.js:105:20
 
 --> Stack Trace:
-    0   scripterOuter at stack-trace.js:86:37
-    1   global code at stack-trace.js:103:20
+    0   scripterOuter at stack-trace.js:89:37
+    1   global code at stack-trace.js:106:20
 
 --> Stack Trace:
-    0   selfRecursive1 at stack-trace.js:105:43
-    1   selfRecursive1 at stack-trace.js:105:43
-    2   selfRecursive1 at stack-trace.js:105:43
-    3   selfRecursive1 at stack-trace.js:105:43
-    4   selfRecursive1 at stack-trace.js:105:43
-    5   selfRecursive1 at stack-trace.js:105:43
-    6   selfRecursive1 at stack-trace.js:105:43
-    7   selfRecursive1 at stack-trace.js:105:43
-    8   selfRecursive1 at stack-trace.js:105:43
-    9   selfRecursive1 at stack-trace.js:105:43
-    10   selfRecursive1 at stack-trace.js:105:43
-    11   selfRecursive1 at stack-trace.js:105:43
-    12   selfRecursive1 at stack-trace.js:105:43
-    13   selfRecursive1 at stack-trace.js:105:43
-    14   selfRecursive1 at stack-trace.js:105:43
-    15   selfRecursive1 at stack-trace.js:105:43
-    16   selfRecursive1 at stack-trace.js:105:43
-    17   selfRecursive1 at stack-trace.js:105:43
-    18   selfRecursive1 at stack-trace.js:105:43
-    19   selfRecursive1 at stack-trace.js:105:43
-    20   selfRecursive1 at stack-trace.js:105:43
-    21   selfRecursive1 at stack-trace.js:105:43
-    22   selfRecursive1 at stack-trace.js:105:43
-    23   selfRecursive1 at stack-trace.js:105:43
-    24   selfRecursive1 at stack-trace.js:105:43
-    25   selfRecursive1 at stack-trace.js:105:43
-    26   selfRecursive1 at stack-trace.js:105:43
-    27   selfRecursive1 at stack-trace.js:105:43
-    28   selfRecursive1 at stack-trace.js:105:43
-    29   selfRecursive1 at stack-trace.js:105:43
-    30   selfRecursive1 at stack-trace.js:105:43
-    31   selfRecursive1 at stack-trace.js:105:43
-    32   selfRecursive1 at stack-trace.js:105:43
-    33   selfRecursive1 at stack-trace.js:105:43
-    34   selfRecursive1 at stack-trace.js:105:43
-    35   selfRecursive1 at stack-trace.js:105:43
-    36   selfRecursive1 at stack-trace.js:105:43
-    37   selfRecursive1 at stack-trace.js:105:43
-    38   selfRecursive1 at stack-trace.js:105:43
-    39   selfRecursive1 at stack-trace.js:105:43
-    40   selfRecursive1 at stack-trace.js:105:43
-    41   selfRecursive1 at stack-trace.js:105:43
-    42   selfRecursive1 at stack-trace.js:105:43
-    43   selfRecursive1 at stack-trace.js:105:43
-    44   selfRecursive1 at stack-trace.js:105:43
-    45   selfRecursive1 at stack-trace.js:105:43
-    46   selfRecursive1 at stack-trace.js:105:43
-    47   selfRecursive1 at stack-trace.js:105:43
-    48   selfRecursive1 at stack-trace.js:105:43
-    49   selfRecursive1 at stack-trace.js:105:43
-    50   selfRecursive1 at stack-trace.js:105:43
-    51   selfRecursive1 at stack-trace.js:105:43
-    52   selfRecursive1 at stack-trace.js:105:43
-    53   selfRecursive1 at stack-trace.js:105:43
-    54   selfRecursive1 at stack-trace.js:105:43
-    55   selfRecursive1 at stack-trace.js:105:43
-    56   selfRecursive1 at stack-trace.js:105:43
-    57   selfRecursive1 at stack-trace.js:105:43
-    58   selfRecursive1 at stack-trace.js:105:43
-    59   selfRecursive1 at stack-trace.js:105:43
-    60   selfRecursive1 at stack-trace.js:105:43
-    61   selfRecursive1 at stack-trace.js:105:43
-    62   selfRecursive1 at stack-trace.js:105:43
-    63   selfRecursive1 at stack-trace.js:105:43
-    64   selfRecursive1 at stack-trace.js:105:43
-    65   selfRecursive1 at stack-trace.js:105:43
-    66   selfRecursive1 at stack-trace.js:105:43
-    67   selfRecursive1 at stack-trace.js:105:43
-    68   selfRecursive1 at stack-trace.js:105:43
-    69   selfRecursive1 at stack-trace.js:105:43
-    70   selfRecursive1 at stack-trace.js:105:43
-    71   selfRecursive1 at stack-trace.js:105:43
-    72   selfRecursive1 at stack-trace.js:105:43
-    73   selfRecursive1 at stack-trace.js:105:43
-    74   selfRecursive1 at stack-trace.js:105:43
-    75   selfRecursive1 at stack-trace.js:105:43
-    76   selfRecursive1 at stack-trace.js:105:43
-    77   selfRecursive1 at stack-trace.js:105:43
-    78   selfRecursive1 at stack-trace.js:105:43
-    79   selfRecursive1 at stack-trace.js:105:43
-    80   selfRecursive1 at stack-trace.js:105:43
-    81   selfRecursive1 at stack-trace.js:105:43
-    82   selfRecursive1 at stack-trace.js:105:43
-    83   selfRecursive1 at stack-trace.js:105:43
-    84   selfRecursive1 at stack-trace.js:105:43
-    85   selfRecursive1 at stack-trace.js:105:43
-    86   selfRecursive1 at stack-trace.js:105:43
-    87   selfRecursive1 at stack-trace.js:105:43
-    88   selfRecursive1 at stack-trace.js:105:43
-    89   selfRecursive1 at stack-trace.js:105:43
-    90   selfRecursive1 at stack-trace.js:105:43
-    91   selfRecursive1 at stack-trace.js:105:43
-    92   selfRecursive1 at stack-trace.js:105:43
-    93   selfRecursive1 at stack-trace.js:105:43
-    94   selfRecursive1 at stack-trace.js:105:43
-    95   selfRecursive1 at stack-trace.js:105:43
-    96   selfRecursive1 at stack-trace.js:105:43
-    97   selfRecursive1 at stack-trace.js:105:43
-    98   selfRecursive1 at stack-trace.js:105:43
-    99   selfRecursive1 at stack-trace.js:105:43
+    0   selfRecursive1 at stack-trace.js:108:43
+    1   selfRecursive1 at stack-trace.js:108:43
+    2   selfRecursive1 at stack-trace.js:108:43
+    3   selfRecursive1 at stack-trace.js:108:43
+    4   selfRecursive1 at stack-trace.js:108:43
+    5   selfRecursive1 at stack-trace.js:108:43
+    6   selfRecursive1 at stack-trace.js:108:43
+    7   selfRecursive1 at stack-trace.js:108:43
+    8   selfRecursive1 at stack-trace.js:108:43
+    9   selfRecursive1 at stack-trace.js:108:43
+    10   selfRecursive1 at stack-trace.js:108:43
+    11   selfRecursive1 at stack-trace.js:108:43
+    12   selfRecursive1 at stack-trace.js:108:43
+    13   selfRecursive1 at stack-trace.js:108:43
+    14   selfRecursive1 at stack-trace.js:108:43
+    15   selfRecursive1 at stack-trace.js:108:43
+    16   selfRecursive1 at stack-trace.js:108:43
+    17   selfRecursive1 at stack-trace.js:108:43
+    18   selfRecursive1 at stack-trace.js:108:43
+    19   selfRecursive1 at stack-trace.js:108:43
+    20   selfRecursive1 at stack-trace.js:108:43
+    21   selfRecursive1 at stack-trace.js:108:43
+    22   selfRecursive1 at stack-trace.js:108:43
+    23   selfRecursive1 at stack-trace.js:108:43
+    24   selfRecursive1 at stack-trace.js:108:43
+    25   selfRecursive1 at stack-trace.js:108:43
+    26   selfRecursive1 at stack-trace.js:108:43
+    27   selfRecursive1 at stack-trace.js:108:43
+    28   selfRecursive1 at stack-trace.js:108:43
+    29   selfRecursive1 at stack-trace.js:108:43
+    30   selfRecursive1 at stack-trace.js:108:43
+    31   selfRecursive1 at stack-trace.js:108:43
+    32   selfRecursive1 at stack-trace.js:108:43
+    33   selfRecursive1 at stack-trace.js:108:43
+    34   selfRecursive1 at stack-trace.js:108:43
+    35   selfRecursive1 at stack-trace.js:108:43
+    36   selfRecursive1 at stack-trace.js:108:43
+    37   selfRecursive1 at stack-trace.js:108:43
+    38   selfRecursive1 at stack-trace.js:108:43
+    39   selfRecursive1 at stack-trace.js:108:43
+    40   selfRecursive1 at stack-trace.js:108:43
+    41   selfRecursive1 at stack-trace.js:108:43
+    42   selfRecursive1 at stack-trace.js:108:43
+    43   selfRecursive1 at stack-trace.js:108:43
+    44   selfRecursive1 at stack-trace.js:108:43
+    45   selfRecursive1 at stack-trace.js:108:43
+    46   selfRecursive1 at stack-trace.js:108:43
+    47   selfRecursive1 at stack-trace.js:108:43
+    48   selfRecursive1 at stack-trace.js:108:43
+    49   selfRecursive1 at stack-trace.js:108:43
+    50   selfRecursive1 at stack-trace.js:108:43
+    51   selfRecursive1 at stack-trace.js:108:43
+    52   selfRecursive1 at stack-trace.js:108:43
+    53   selfRecursive1 at stack-trace.js:108:43
+    54   selfRecursive1 at stack-trace.js:108:43
+    55   selfRecursive1 at stack-trace.js:108:43
+    56   selfRecursive1 at stack-trace.js:108:43
+    57   selfRecursive1 at stack-trace.js:108:43
+    58   selfRecursive1 at stack-trace.js:108:43
+    59   selfRecursive1 at stack-trace.js:108:43
+    60   selfRecursive1 at stack-trace.js:108:43
+    61   selfRecursive1 at stack-trace.js:108:43
+    62   selfRecursive1 at stack-trace.js:108:43
+    63   selfRecursive1 at stack-trace.js:108:43
+    64   selfRecursive1 at stack-trace.js:108:43
+    65   selfRecursive1 at stack-trace.js:108:43
+    66   selfRecursive1 at stack-trace.js:108:43
+    67   selfRecursive1 at stack-trace.js:108:43
+    68   selfRecursive1 at stack-trace.js:108:43
+    69   selfRecursive1 at stack-trace.js:108:43
+    70   selfRecursive1 at stack-trace.js:108:43
+    71   selfRecursive1 at stack-trace.js:108:43
+    72   selfRecursive1 at stack-trace.js:108:43
+    73   selfRecursive1 at stack-trace.js:108:43
+    74   selfRecursive1 at stack-trace.js:108:43
+    75   selfRecursive1 at stack-trace.js:108:43
+    76   selfRecursive1 at stack-trace.js:108:43
+    77   selfRecursive1 at stack-trace.js:108:43
+    78   selfRecursive1 at stack-trace.js:108:43
+    79   selfRecursive1 at stack-trace.js:108:43
+    80   selfRecursive1 at stack-trace.js:108:43
+    81   selfRecursive1 at stack-trace.js:108:43
+    82   selfRecursive1 at stack-trace.js:108:43
+    83   selfRecursive1 at stack-trace.js:108:43
+    84   selfRecursive1 at stack-trace.js:108:43
+    85   selfRecursive1 at stack-trace.js:108:43
+    86   selfRecursive1 at stack-trace.js:108:43
+    87   selfRecursive1 at stack-trace.js:108:43
+    88   selfRecursive1 at stack-trace.js:108:43
+    89   selfRecursive1 at stack-trace.js:108:43
+    90   selfRecursive1 at stack-trace.js:108:43
+    91   selfRecursive1 at stack-trace.js:108:43
+    92   selfRecursive1 at stack-trace.js:108:43
+    93   selfRecursive1 at stack-trace.js:108:43
+    94   selfRecursive1 at stack-trace.js:108:43
+    95   selfRecursive1 at stack-trace.js:108:43
+    96   selfRecursive1 at stack-trace.js:108:43
+    97   selfRecursive1 at stack-trace.js:108:43
+    98   selfRecursive1 at stack-trace.js:108:43
+    99   selfRecursive1 at stack-trace.js:108:43
 
 --> Stack Trace:
-    0   selfRecursive2 at stack-trace.js:115:27
-    1   selfRecursive2 at stack-trace.js:115:27
-    2   selfRecursive2 at stack-trace.js:115:27
-    3   selfRecursive2 at stack-trace.js:115:27
-    4   selfRecursive2 at stack-trace.js:115:27
-    5   selfRecursive2 at stack-trace.js:115:27
-    6   selfRecursive2 at stack-trace.js:115:27
-    7   selfRecursive2 at stack-trace.js:115:27
-    8   selfRecursive2 at stack-trace.js:115:27
-    9   selfRecursive2 at stack-trace.js:115:27
-    10   selfRecursive2 at stack-trace.js:115:27
-    11   selfRecursive2 at stack-trace.js:115:27
-    12   selfRecursive2 at stack-trace.js:115:27
-    13   selfRecursive2 at stack-trace.js:115:27
-    14   selfRecursive2 at stack-trace.js:115:27
-    15   selfRecursive2 at stack-trace.js:115:27
-    16   selfRecursive2 at stack-trace.js:115:27
-    17   selfRecursive2 at stack-trace.js:115:27
-    18   selfRecursive2 at stack-trace.js:115:27
-    19   selfRecursive2 at stack-trace.js:115:27
-    20   selfRecursive2 at stack-trace.js:115:27
-    21   selfRecursive2 at stack-trace.js:115:27
-    22   selfRecursive2 at stack-trace.js:115:27
-    23   selfRecursive2 at stack-trace.js:115:27
-    24   selfRecursive2 at stack-trace.js:115:27
-    25   selfRecursive2 at stack-trace.js:115:27
-    26   selfRecursive2 at stack-trace.js:115:27
-    27   selfRecursive2 at stack-trace.js:115:27
-    28   selfRecursive2 at stack-trace.js:115:27
-    29   selfRecursive2 at stack-trace.js:115:27
-    30   selfRecursive2 at stack-trace.js:115:27
-    31   selfRecursive2 at stack-trace.js:115:27
-    32   selfRecursive2 at stack-trace.js:115:27
-    33   selfRecursive2 at stack-trace.js:115:27
-    34   selfRecursive2 at stack-trace.js:115:27
-    35   selfRecursive2 at stack-trace.js:115:27
-    36   selfRecursive2 at stack-trace.js:115:27
-    37   selfRecursive2 at stack-trace.js:115:27
-    38   selfRecursive2 at stack-trace.js:115:27
-    39   selfRecursive2 at stack-trace.js:115:27
-    40   selfRecursive2 at stack-trace.js:115:27
-    41   selfRecursive2 at stack-trace.js:115:27
-    42   selfRecursive2 at stack-trace.js:115:27
-    43   selfRecursive2 at stack-trace.js:115:27
-    44   selfRecursive2 at stack-trace.js:115:27
-    45   selfRecursive2 at stack-trace.js:115:27
-    46   selfRecursive2 at stack-trace.js:115:27
-    47   selfRecursive2 at stack-trace.js:115:27
-    48   selfRecursive2 at stack-trace.js:115:27
-    49   selfRecursive2 at stack-trace.js:115:27
-    50   selfRecursive2 at stack-trace.js:115:27
-    51   selfRecursive2 at stack-trace.js:115:27
-    52   selfRecursive2 at stack-trace.js:115:27
-    53   selfRecursive2 at stack-trace.js:115:27
-    54   selfRecursive2 at stack-trace.js:115:27
-    55   selfRecursive2 at stack-trace.js:115:27
-    56   selfRecursive2 at stack-trace.js:115:27
-    57   selfRecursive2 at stack-trace.js:115:27
-    58   selfRecursive2 at stack-trace.js:115:27
-    59   selfRecursive2 at stack-trace.js:115:27
-    60   selfRecursive2 at stack-trace.js:115:27
-    61   selfRecursive2 at stack-trace.js:115:27
-    62   selfRecursive2 at stack-trace.js:115:27
-    63   selfRecursive2 at stack-trace.js:115:27
-    64   selfRecursive2 at stack-trace.js:115:27
-    65   selfRecursive2 at stack-trace.js:115:27
-    66   selfRecursive2 at stack-trace.js:115:27
-    67   selfRecursive2 at stack-trace.js:115:27
-    68   selfRecursive2 at stack-trace.js:115:27
-    69   selfRecursive2 at stack-trace.js:115:27
-    70   selfRecursive2 at stack-trace.js:115:27
-    71   selfRecursive2 at stack-trace.js:115:27
-    72   selfRecursive2 at stack-trace.js:115:27
-    73   selfRecursive2 at stack-trace.js:115:27
-    74   selfRecursive2 at stack-trace.js:115:27
-    75   selfRecursive2 at stack-trace.js:115:27
-    76   selfRecursive2 at stack-trace.js:115:27
-    77   selfRecursive2 at stack-trace.js:115:27
-    78   selfRecursive2 at stack-trace.js:115:27
-    79   selfRecursive2 at stack-trace.js:115:27
-    80   selfRecursive2 at stack-trace.js:115:27
-    81   selfRecursive2 at stack-trace.js:115:27
-    82   selfRecursive2 at stack-trace.js:115:27
-    83   selfRecursive2 at stack-trace.js:115:27
-    84   selfRecursive2 at stack-trace.js:115:27
-    85   selfRecursive2 at stack-trace.js:115:27
-    86   selfRecursive2 at stack-trace.js:115:27
-    87   selfRecursive2 at stack-trace.js:115:27
-    88   selfRecursive2 at stack-trace.js:115:27
-    89   selfRecursive2 at stack-trace.js:115:27
-    90   selfRecursive2 at stack-trace.js:115:27
-    91   selfRecursive2 at stack-trace.js:115:27
-    92   selfRecursive2 at stack-trace.js:115:27
-    93   selfRecursive2 at stack-trace.js:115:27
-    94   selfRecursive2 at stack-trace.js:115:27
-    95   selfRecursive2 at stack-trace.js:115:27
-    96   selfRecursive2 at stack-trace.js:115:27
-    97   selfRecursive2 at stack-trace.js:115:27
-    98   selfRecursive2 at stack-trace.js:115:27
-    99   selfRecursive2 at stack-trace.js:115:27
+    0   selfRecursive2 at stack-trace.js:118:27
+    1   selfRecursive2 at stack-trace.js:118:27
+    2   selfRecursive2 at stack-trace.js:118:27
+    3   selfRecursive2 at stack-trace.js:118:27
+    4   selfRecursive2 at stack-trace.js:118:27
+    5   selfRecursive2 at stack-trace.js:118:27
+    6   selfRecursive2 at stack-trace.js:118:27
+    7   selfRecursive2 at stack-trace.js:118:27
+    8   selfRecursive2 at stack-trace.js:118:27
+    9   selfRecursive2 at stack-trace.js:118:27
+    10   selfRecursive2 at stack-trace.js:118:27
+    11   selfRecursive2 at stack-trace.js:118:27
+    12   selfRecursive2 at stack-trace.js:118:27
+    13   selfRecursive2 at stack-trace.js:118:27
+    14   selfRecursive2 at stack-trace.js:118:27
+    15   selfRecursive2 at stack-trace.js:118:27
+    16   selfRecursive2 at stack-trace.js:118:27
+    17   selfRecursive2 at stack-trace.js:118:27
+    18   selfRecursive2 at stack-trace.js:118:27
+    19   selfRecursive2 at stack-trace.js:118:27
+    20   selfRecursive2 at stack-trace.js:118:27
+    21   selfRecursive2 at stack-trace.js:118:27
+    22   selfRecursive2 at stack-trace.js:118:27
+    23   selfRecursive2 at stack-trace.js:118:27
+    24   selfRecursive2 at stack-trace.js:118:27
+    25   selfRecursive2 at stack-trace.js:118:27
+    26   selfRecursive2 at stack-trace.js:118:27
+    27   selfRecursive2 at stack-trace.js:118:27
+    28   selfRecursive2 at stack-trace.js:118:27
+    29   selfRecursive2 at stack-trace.js:118:27
+    30   selfRecursive2 at stack-trace.js:118:27
+    31   selfRecursive2 at stack-trace.js:118:27
+    32   selfRecursive2 at stack-trace.js:118:27
+    33   selfRecursive2 at stack-trace.js:118:27
+    34   selfRecursive2 at stack-trace.js:118:27
+    35   selfRecursive2 at stack-trace.js:118:27
+    36   selfRecursive2 at stack-trace.js:118:27
+    37   selfRecursive2 at stack-trace.js:118:27
+    38   selfRecursive2 at stack-trace.js:118:27
+    39   selfRecursive2 at stack-trace.js:118:27
+    40   selfRecursive2 at stack-trace.js:118:27
+    41   selfRecursive2 at stack-trace.js:118:27
+    42   selfRecursive2 at stack-trace.js:118:27
+    43   selfRecursive2 at stack-trace.js:118:27
+    44   selfRecursive2 at stack-trace.js:118:27
+    45   selfRecursive2 at stack-trace.js:118:27
+    46   selfRecursive2 at stack-trace.js:118:27
+    47   selfRecursive2 at stack-trace.js:118:27
+    48   selfRecursive2 at stack-trace.js:118:27
+    49   selfRecursive2 at stack-trace.js:118:27
+    50   selfRecursive2 at stack-trace.js:118:27
+    51   selfRecursive2 at stack-trace.js:118:27
+    52   selfRecursive2 at stack-trace.js:118:27
+    53   selfRecursive2 at stack-trace.js:118:27
+    54   selfRecursive2 at stack-trace.js:118:27
+    55   selfRecursive2 at stack-trace.js:118:27
+    56   selfRecursive2 at stack-trace.js:118:27
+    57   selfRecursive2 at stack-trace.js:118:27
+    58   selfRecursive2 at stack-trace.js:118:27
+    59   selfRecursive2 at stack-trace.js:118:27
+    60   selfRecursive2 at stack-trace.js:118:27
+    61   selfRecursive2 at stack-trace.js:118:27
+    62   selfRecursive2 at stack-trace.js:118:27
+    63   selfRecursive2 at stack-trace.js:118:27
+    64   selfRecursive2 at stack-trace.js:118:27
+    65   selfRecursive2 at stack-trace.js:118:27
+    66   selfRecursive2 at stack-trace.js:118:27
+    67   selfRecursive2 at stack-trace.js:118:27
+    68   selfRecursive2 at stack-trace.js:118:27
+    69   selfRecursive2 at stack-trace.js:118:27
+    70   selfRecursive2 at stack-trace.js:118:27
+    71   selfRecursive2 at stack-trace.js:118:27
+    72   selfRecursive2 at stack-trace.js:118:27
+    73   selfRecursive2 at stack-trace.js:118:27
+    74   selfRecursive2 at stack-trace.js:118:27
+    75   selfRecursive2 at stack-trace.js:118:27
+    76   selfRecursive2 at stack-trace.js:118:27
+    77   selfRecursive2 at stack-trace.js:118:27
+    78   selfRecursive2 at stack-trace.js:118:27
+    79   selfRecursive2 at stack-trace.js:118:27
+    80   selfRecursive2 at stack-trace.js:118:27
+    81   selfRecursive2 at stack-trace.js:118:27
+    82   selfRecursive2 at stack-trace.js:118:27
+    83   selfRecursive2 at stack-trace.js:118:27
+    84   selfRecursive2 at stack-trace.js:118:27
+    85   selfRecursive2 at stack-trace.js:118:27
+    86   selfRecursive2 at stack-trace.js:118:27
+    87   selfRecursive2 at stack-trace.js:118:27
+    88   selfRecursive2 at stack-trace.js:118:27
+    89   selfRecursive2 at stack-trace.js:118:27
+    90   selfRecursive2 at stack-trace.js:118:27
+    91   selfRecursive2 at stack-trace.js:118:27
+    92   selfRecursive2 at stack-trace.js:118:27
+    93   selfRecursive2 at stack-trace.js:118:27
+    94   selfRecursive2 at stack-trace.js:118:27
+    95   selfRecursive2 at stack-trace.js:118:27
+    96   selfRecursive2 at stack-trace.js:118:27
+    97   selfRecursive2 at stack-trace.js:118:27
+    98   selfRecursive2 at stack-trace.js:118:27
+    99   selfRecursive2 at stack-trace.js:118:27
 
 --> Stack Trace matches pattern:
     0    at eval code
@@ -250,111 +250,111 @@ This test checks stack trace corectness in special cases.
     2   selfRecursive3 at stack-trace.js
 
 --> Stack Trace:
-    0   throwError at stack-trace.js:139:20
-    1   valueOf at stack-trace.js:146:27
-    2   getter1 at stack-trace.js:149:9
-    3   nonInlineable at stack-trace.js:175:17
-    4   inlineable at stack-trace.js:183:27
-    5   yetAnotherInlinedCall at stack-trace.js:188:17
-    6   makeInlinableCall at stack-trace.js:193:34
-    7   g at stack-trace.js:202:34
+    0   throwError at stack-trace.js:142:20
+    1   valueOf at stack-trace.js:149:27
+    2   getter1 at stack-trace.js:152:9
+    3   nonInlineable at stack-trace.js:178:17
+    4   inlineable at stack-trace.js:186:27
+    5   yetAnotherInlinedCall at stack-trace.js:191:17
+    6   makeInlinableCall at stack-trace.js:196:34
+    7   g at stack-trace.js:205:34
     8   map at [native code]
-    9   global code at stack-trace.js:205:16
+    9   global code at stack-trace.js:208:16
 
 --> Stack Trace:
-    0   throwError at stack-trace.js:139:20
-    1   getter2 at stack-trace.js:155:9
-    2   nonInlineable at stack-trace.js:177:17
-    3   inlineable at stack-trace.js:183:27
-    4   yetAnotherInlinedCall at stack-trace.js:188:17
-    5   makeInlinableCall at stack-trace.js:193:34
-    6   g at stack-trace.js:202:34
+    0   throwError at stack-trace.js:142:20
+    1   getter2 at stack-trace.js:158:9
+    2   nonInlineable at stack-trace.js:180:17
+    3   inlineable at stack-trace.js:186:27
+    4   yetAnotherInlinedCall at stack-trace.js:191:17
+    5   makeInlinableCall at stack-trace.js:196:34
+    6   g at stack-trace.js:205:34
     7   map at [native code]
-    8   global code at stack-trace.js:205:16
+    8   global code at stack-trace.js:208:16
 
 --> Stack Trace:
-    0   throwError at stack-trace.js:139:20
-    1   getter3 at stack-trace.js:167:13
-    2   nonInlineable at stack-trace.js:179:17
-    3   inlineable at stack-trace.js:183:27
-    4   yetAnotherInlinedCall at stack-trace.js:188:17
-    5   makeInlinableCall at stack-trace.js:193:34
-    6   g at stack-trace.js:202:34
+    0   throwError at stack-trace.js:142:20
+    1   getter3 at stack-trace.js:170:13
+    2   nonInlineable at stack-trace.js:182:17
+    3   inlineable at stack-trace.js:186:27
+    4   yetAnotherInlinedCall at stack-trace.js:191:17
+    5   makeInlinableCall at stack-trace.js:196:34
+    6   g at stack-trace.js:205:34
     7   map at [native code]
-    8   global code at stack-trace.js:205:16
+    8   global code at stack-trace.js:208:16
 
 --> Stack Trace:
-    0   throwError at stack-trace.js:139:20
-    1   valueOf at stack-trace.js:163:27
-    2   getter3 at stack-trace.js:169:13
-    3   nonInlineable at stack-trace.js:179:17
-    4   inlineable at stack-trace.js:183:27
-    5   yetAnotherInlinedCall at stack-trace.js:188:17
-    6   makeInlinableCall at stack-trace.js:193:34
-    7   g at stack-trace.js:202:34
+    0   throwError at stack-trace.js:142:20
+    1   valueOf at stack-trace.js:166:27
+    2   getter3 at stack-trace.js:172:13
+    3   nonInlineable at stack-trace.js:182:17
+    4   inlineable at stack-trace.js:186:27
+    5   yetAnotherInlinedCall at stack-trace.js:191:17
+    6   makeInlinableCall at stack-trace.js:196:34
+    7   g at stack-trace.js:205:34
     8   map at [native code]
-    9   global code at stack-trace.js:205:16
+    9   global code at stack-trace.js:208:16
 
 --> Stack Trace:
-    0   h at stack-trace.js:213:24
+    0   h at stack-trace.js:216:24
     1   map at [native code]
-    2   mapTest at stack-trace.js:220:10
-    3   mapTestDriver at stack-trace.js:226:16
-    4   global code at stack-trace.js:231:18
+    2   mapTest at stack-trace.js:223:10
+    3   mapTestDriver at stack-trace.js:229:16
+    4   global code at stack-trace.js:234:18
 
 --> Stack Trace:
     0   map at [native code]
-    1   h at stack-trace.js:215:21
+    1   h at stack-trace.js:218:21
     2   map at [native code]
-    3   mapTest at stack-trace.js:220:10
-    4   mapTestDriver at stack-trace.js:226:16
-    5   global code at stack-trace.js:237:18
+    3   mapTest at stack-trace.js:223:10
+    4   mapTestDriver at stack-trace.js:229:16
+    5   global code at stack-trace.js:240:18
 
 --> Stack Trace:
-    0   throwError at stack-trace.js:139:20
-    1   dfgFunction at stack-trace.js:246:19
+    0   throwError at stack-trace.js:142:20
+    1   dfgFunction at stack-trace.js:249:19
     2   map at [native code]
-    3   global code at stack-trace.js:255:18
+    3   global code at stack-trace.js:258:18
 
 --> Stack Trace:
-    0   throwError at stack-trace.js:139:20
-    1   dfgFunction at stack-trace.js:246:19
-    2   f at stack-trace.js:264:10
-    3   global code at stack-trace.js:270:6
+    0   throwError at stack-trace.js:142:20
+    1   dfgFunction at stack-trace.js:249:19
+    2   f at stack-trace.js:267:10
+    3   global code at stack-trace.js:273:6
 
 --> Stack Trace:
-    0   willThrow at stack-trace.js:308:28
-    1   dfg1 at stack-trace.js:319:13
-    2   dfg2 at stack-trace.js:323:9
-    3   dfg3 at stack-trace.js:327:9
-    4   dfgTest at stack-trace.js:293:14
-    5   global code at stack-trace.js:366:8
+    0   willThrow at stack-trace.js:311:28
+    1   dfg1 at stack-trace.js:322:13
+    2   dfg2 at stack-trace.js:326:9
+    3   dfg3 at stack-trace.js:330:9
+    4   dfgTest at stack-trace.js:296:14
+    5   global code at stack-trace.js:369:8
 
 --> Stack Trace:
-    0   willThrowFunc at stack-trace.js:313:69
-    1   dfg4 at stack-trace.js:331:27
-    2   dfg5 at stack-trace.js:335:9
-    3   dfg6 at stack-trace.js:339:9
-    4   dfgTest at stack-trace.js:293:14
-    5   global code at stack-trace.js:367:8
+    0   willThrowFunc at stack-trace.js:316:69
+    1   dfg4 at stack-trace.js:334:27
+    2   dfg5 at stack-trace.js:338:9
+    3   dfg6 at stack-trace.js:342:9
+    4   dfgTest at stack-trace.js:296:14
+    5   global code at stack-trace.js:370:8
 
 --> Stack Trace:
-    0   inlineableThrow at stack-trace.js:302:40
-    1   willThrowEventually at stack-trace.js:311:24
-    2   dfg7 at stack-trace.js:343:13
-    3   dfg8 at stack-trace.js:347:9
-    4   dfg9 at stack-trace.js:351:9
-    5   dfgTest at stack-trace.js:293:14
-    6   global code at stack-trace.js:368:8
+    0   inlineableThrow at stack-trace.js:305:40
+    1   willThrowEventually at stack-trace.js:314:24
+    2   dfg7 at stack-trace.js:346:13
+    3   dfg8 at stack-trace.js:350:9
+    4   dfg9 at stack-trace.js:354:9
+    5   dfgTest at stack-trace.js:296:14
+    6   global code at stack-trace.js:371:8
 
 --> Stack Trace:
-    0   inlineableThrow at stack-trace.js:302:40
-    1   willThrowEventuallyFunc at stack-trace.js:314:59
-    2   dfga at stack-trace.js:355:37
-    3   dfgb at stack-trace.js:359:9
-    4   dfgc at stack-trace.js:363:9
-    5   dfgTest at stack-trace.js:293:14
-    6   global code at stack-trace.js:369:8
+    0   inlineableThrow at stack-trace.js:305:40
+    1   willThrowEventuallyFunc at stack-trace.js:317:59
+    2   dfga at stack-trace.js:358:37
+    3   dfgb at stack-trace.js:362:9
+    4   dfgc at stack-trace.js:366:9
+    5   dfgTest at stack-trace.js:296:14
+    6   global code at stack-trace.js:372:8
 
 PASS successfullyParsed is true
 
index 9e4f970..480b327 100644 (file)
@@ -1,3 +1,285 @@
+2017-11-24  Mark Lam  <mark.lam@apple.com>
+
+        Move unsafe jsc shell test functions to the $vm object.
+        https://bugs.webkit.org/show_bug.cgi?id=179980
+
+        Reviewed by Yusuke Suzuki.
+
+        Also removed setElementRoot() which was not used.
+
+        * jsc.cpp:
+        (GlobalObject::finishCreation):
+        (WTF::Element::Element): Deleted.
+        (WTF::Element::root const): Deleted.
+        (WTF::Element::setRoot): Deleted.
+        (WTF::Element::create): Deleted.
+        (WTF::Element::visitChildren): Deleted.
+        (WTF::Element::createStructure): Deleted.
+        (WTF::Root::Root): Deleted.
+        (WTF::Root::element): Deleted.
+        (WTF::Root::setElement): Deleted.
+        (WTF::Root::create): Deleted.
+        (WTF::Root::createStructure): Deleted.
+        (WTF::Root::visitChildren): Deleted.
+        (WTF::ImpureGetter::ImpureGetter): Deleted.
+        (WTF::ImpureGetter::createStructure): Deleted.
+        (WTF::ImpureGetter::create): Deleted.
+        (WTF::ImpureGetter::finishCreation): Deleted.
+        (WTF::ImpureGetter::getOwnPropertySlot): Deleted.
+        (WTF::ImpureGetter::visitChildren): Deleted.
+        (WTF::ImpureGetter::setDelegate): Deleted.
+        (WTF::CustomGetter::CustomGetter): Deleted.
+        (WTF::CustomGetter::createStructure): Deleted.
+        (WTF::CustomGetter::create): Deleted.
+        (WTF::CustomGetter::getOwnPropertySlot): Deleted.
+        (WTF::CustomGetter::customGetter): Deleted.
+        (WTF::CustomGetter::customGetterAcessor): Deleted.
+        (WTF::RuntimeArray::create): Deleted.
+        (WTF::RuntimeArray::~RuntimeArray): Deleted.
+        (WTF::RuntimeArray::destroy): Deleted.
+        (WTF::RuntimeArray::getOwnPropertySlot): Deleted.
+        (WTF::RuntimeArray::getOwnPropertySlotByIndex): Deleted.
+        (WTF::RuntimeArray::put): Deleted.
+        (WTF::RuntimeArray::deleteProperty): Deleted.
+        (WTF::RuntimeArray::getLength const): Deleted.
+        (WTF::RuntimeArray::createPrototype): Deleted.
+        (WTF::RuntimeArray::createStructure): Deleted.
+        (WTF::RuntimeArray::finishCreation): Deleted.
+        (WTF::RuntimeArray::RuntimeArray): Deleted.
+        (WTF::RuntimeArray::lengthGetter): Deleted.
+        (WTF::SimpleObject::SimpleObject): Deleted.
+        (WTF::SimpleObject::create): Deleted.
+        (WTF::SimpleObject::visitChildren): Deleted.
+        (WTF::SimpleObject::createStructure): Deleted.
+        (WTF::SimpleObject::hiddenValue): Deleted.
+        (WTF::SimpleObject::setHiddenValue): Deleted.
+        (WTF::DOMJITNode::DOMJITNode): Deleted.
+        (WTF::DOMJITNode::createStructure): Deleted.
+        (WTF::DOMJITNode::checkSubClassSnippet): Deleted.
+        (WTF::DOMJITNode::create): Deleted.
+        (WTF::DOMJITNode::value const): Deleted.
+        (WTF::DOMJITNode::offsetOfValue): Deleted.
+        (WTF::DOMJITGetter::DOMJITGetter): Deleted.
+        (WTF::DOMJITGetter::createStructure): Deleted.
+        (WTF::DOMJITGetter::create): Deleted.
+        (WTF::DOMJITGetter::DOMJITAttribute::DOMJITAttribute): Deleted.
+        (WTF::DOMJITGetter::DOMJITAttribute::slowCall): Deleted.
+        (WTF::DOMJITGetter::DOMJITAttribute::callDOMGetter): Deleted.
+        (WTF::DOMJITGetter::customGetter): Deleted.
+        (WTF::DOMJITGetter::finishCreation): Deleted.
+        (WTF::DOMJITGetterComplex::DOMJITGetterComplex): Deleted.
+        (WTF::DOMJITGetterComplex::createStructure): Deleted.
+        (WTF::DOMJITGetterComplex::create): Deleted.
+        (WTF::DOMJITGetterComplex::DOMJITAttribute::DOMJITAttribute): Deleted.
+        (WTF::DOMJITGetterComplex::DOMJITAttribute::slowCall): Deleted.
+        (WTF::DOMJITGetterComplex::DOMJITAttribute::callDOMGetter): Deleted.
+        (WTF::DOMJITGetterComplex::functionEnableException): Deleted.
+        (WTF::DOMJITGetterComplex::customGetter): Deleted.
+        (WTF::DOMJITGetterComplex::finishCreation): Deleted.
+        (WTF::DOMJITFunctionObject::DOMJITFunctionObject): Deleted.
+        (WTF::DOMJITFunctionObject::createStructure): Deleted.
+        (WTF::DOMJITFunctionObject::create): Deleted.
+        (WTF::DOMJITFunctionObject::safeFunction): Deleted.
+        (WTF::DOMJITFunctionObject::unsafeFunction): Deleted.
+        (WTF::DOMJITFunctionObject::checkSubClassSnippet): Deleted.
+        (WTF::DOMJITFunctionObject::finishCreation): Deleted.
+        (WTF::DOMJITCheckSubClassObject::DOMJITCheckSubClassObject): Deleted.
+        (WTF::DOMJITCheckSubClassObject::createStructure): Deleted.
+        (WTF::DOMJITCheckSubClassObject::create): Deleted.
+        (WTF::DOMJITCheckSubClassObject::safeFunction): Deleted.
+        (WTF::DOMJITCheckSubClassObject::unsafeFunction): Deleted.
+        (WTF::DOMJITCheckSubClassObject::finishCreation): Deleted.
+        (WTF::DOMJITGetterBaseJSObject::DOMJITGetterBaseJSObject): Deleted.
+        (WTF::DOMJITGetterBaseJSObject::createStructure): Deleted.
+        (WTF::DOMJITGetterBaseJSObject::create): Deleted.
+        (WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::DOMJITAttribute): Deleted.
+        (WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::slowCall): Deleted.
+        (WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::callDOMGetter): Deleted.
+        (WTF::DOMJITGetterBaseJSObject::customGetter): Deleted.
+        (WTF::DOMJITGetterBaseJSObject::finishCreation): Deleted.
+        (WTF::Element::handleOwner): Deleted.
+        (WTF::Element::finishCreation): Deleted.
+        (JSTestCustomGetterSetter::JSTestCustomGetterSetter): Deleted.
+        (JSTestCustomGetterSetter::create): Deleted.
+        (JSTestCustomGetterSetter::createStructure): Deleted.
+        (customGetAccessor): Deleted.
+        (customGetValue): Deleted.
+        (customSetAccessor): Deleted.
+        (customSetValue): Deleted.
+        (JSTestCustomGetterSetter::finishCreation): Deleted.
+        (GlobalObject::addConstructableFunction): Deleted.
+        (functionCreateRoot): Deleted.
+        (functionCreateElement): Deleted.
+        (functionGetElement): Deleted.
+        (functionSetElementRoot): Deleted.
+        (functionCreateSimpleObject): Deleted.
+        (functionGetHiddenValue): Deleted.
+        (functionSetHiddenValue): Deleted.
+        (functionCreateProxy): Deleted.
+        (functionCreateRuntimeArray): Deleted.
+        (functionCreateImpureGetter): Deleted.
+        (functionCreateCustomGetterObject): Deleted.
+        (functionCreateDOMJITNodeObject): Deleted.
+        (functionCreateDOMJITGetterObject): Deleted.
+        (functionCreateDOMJITGetterComplexObject): Deleted.
+        (functionCreateDOMJITFunctionObject): Deleted.
+        (functionCreateDOMJITCheckSubClassObject): Deleted.
+        (functionCreateDOMJITGetterBaseJSObject): Deleted.
+        (functionSetImpureGetterDelegate): Deleted.
+        (functionGetGetterSetter): Deleted.
+        (functionShadowChickenFunctionsOnStack): Deleted.
+        (functionSetGlobalConstRedeclarationShouldNotThrow): Deleted.
+        (functionGlobalObjectForObject): Deleted.
+        (functionLoadGetterFromGetterSetter): Deleted.
+        (functionCreateCustomTestGetterSetter): Deleted.
+        (functionAbort): Deleted.
+        (functionFindTypeForExpression): Deleted.
+        (functionReturnTypeFor): Deleted.
+        (functionDumpBasicBlockExecutionRanges): Deleted.
+        (functionHasBasicBlockExecuted): Deleted.
+        (functionBasicBlockExecutionCount): Deleted.
+        (functionEnableExceptionFuzz): Deleted.
+        (functionCreateBuiltin): Deleted.
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+        * tools/JSDollarVM.cpp:
+        (WTF::Element::Element):
+        (WTF::Element::root const):
+        (WTF::Element::setRoot):
+        (WTF::Element::create):
+        (WTF::Element::visitChildren):
+        (WTF::Element::createStructure):
+        (WTF::Root::Root):
+        (WTF::Root::element):
+        (WTF::Root::setElement):
+        (WTF::Root::create):
+        (WTF::Root::createStructure):
+        (WTF::Root::visitChildren):
+        (WTF::SimpleObject::SimpleObject):
+        (WTF::SimpleObject::create):
+        (WTF::SimpleObject::visitChildren):
+        (WTF::SimpleObject::createStructure):
+        (WTF::SimpleObject::hiddenValue):
+        (WTF::SimpleObject::setHiddenValue):
+        (WTF::ImpureGetter::ImpureGetter):
+        (WTF::ImpureGetter::createStructure):
+        (WTF::ImpureGetter::create):
+        (WTF::ImpureGetter::finishCreation):
+        (WTF::ImpureGetter::getOwnPropertySlot):
+        (WTF::ImpureGetter::visitChildren):
+        (WTF::ImpureGetter::setDelegate):
+        (WTF::CustomGetter::CustomGetter):
+        (WTF::CustomGetter::createStructure):
+        (WTF::CustomGetter::create):
+        (WTF::CustomGetter::getOwnPropertySlot):
+        (WTF::CustomGetter::customGetter):
+        (WTF::CustomGetter::customGetterAcessor):
+        (WTF::RuntimeArray::create):
+        (WTF::RuntimeArray::~RuntimeArray):
+        (WTF::RuntimeArray::destroy):
+        (WTF::RuntimeArray::getOwnPropertySlot):
+        (WTF::RuntimeArray::getOwnPropertySlotByIndex):
+        (WTF::RuntimeArray::put):
+        (WTF::RuntimeArray::deleteProperty):
+        (WTF::RuntimeArray::getLength const):
+        (WTF::RuntimeArray::createPrototype):
+        (WTF::RuntimeArray::createStructure):
+        (WTF::RuntimeArray::finishCreation):
+        (WTF::RuntimeArray::RuntimeArray):
+        (WTF::RuntimeArray::lengthGetter):
+        (WTF::DOMJITNode::DOMJITNode):
+        (WTF::DOMJITNode::createStructure):
+        (WTF::DOMJITNode::checkSubClassSnippet):
+        (WTF::DOMJITNode::create):
+        (WTF::DOMJITNode::value const):
+        (WTF::DOMJITNode::offsetOfValue):
+        (WTF::DOMJITGetter::DOMJITGetter):
+        (WTF::DOMJITGetter::createStructure):
+        (WTF::DOMJITGetter::create):
+        (WTF::DOMJITGetter::DOMJITAttribute::DOMJITAttribute):
+        (WTF::DOMJITGetter::DOMJITAttribute::slowCall):
+        (WTF::DOMJITGetter::DOMJITAttribute::callDOMGetter):
+        (WTF::DOMJITGetter::customGetter):
+        (WTF::DOMJITGetter::finishCreation):
+        (WTF::DOMJITGetterComplex::DOMJITGetterComplex):
+        (WTF::DOMJITGetterComplex::createStructure):
+        (WTF::DOMJITGetterComplex::create):
+        (WTF::DOMJITGetterComplex::DOMJITAttribute::DOMJITAttribute):
+        (WTF::DOMJITGetterComplex::DOMJITAttribute::slowCall):
+        (WTF::DOMJITGetterComplex::DOMJITAttribute::callDOMGetter):
+        (WTF::DOMJITGetterComplex::functionEnableException):
+        (WTF::DOMJITGetterComplex::customGetter):
+        (WTF::DOMJITGetterComplex::finishCreation):
+        (WTF::DOMJITFunctionObject::DOMJITFunctionObject):
+        (WTF::DOMJITFunctionObject::createStructure):
+        (WTF::DOMJITFunctionObject::create):
+        (WTF::DOMJITFunctionObject::safeFunction):
+        (WTF::DOMJITFunctionObject::unsafeFunction):
+        (WTF::DOMJITFunctionObject::checkSubClassSnippet):
+        (WTF::DOMJITFunctionObject::finishCreation):
+        (WTF::DOMJITCheckSubClassObject::DOMJITCheckSubClassObject):
+        (WTF::DOMJITCheckSubClassObject::createStructure):
+        (WTF::DOMJITCheckSubClassObject::create):
+        (WTF::DOMJITCheckSubClassObject::safeFunction):
+        (WTF::DOMJITCheckSubClassObject::unsafeFunction):
+        (WTF::DOMJITCheckSubClassObject::finishCreation):
+        (WTF::DOMJITGetterBaseJSObject::DOMJITGetterBaseJSObject):
+        (WTF::DOMJITGetterBaseJSObject::createStructure):
+        (WTF::DOMJITGetterBaseJSObject::create):
+        (WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::DOMJITAttribute):
+        (WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::slowCall):
+        (WTF::DOMJITGetterBaseJSObject::DOMJITAttribute::callDOMGetter):
+        (WTF::DOMJITGetterBaseJSObject::customGetter):
+        (WTF::DOMJITGetterBaseJSObject::finishCreation):
+        (WTF::Message::releaseContents):
+        (WTF::Message::index const):
+        (WTF::JSTestCustomGetterSetter::JSTestCustomGetterSetter):
+        (WTF::JSTestCustomGetterSetter::create):
+        (WTF::JSTestCustomGetterSetter::createStructure):
+        (WTF::customGetAccessor):
+        (WTF::customGetValue):
+        (WTF::customSetAccessor):
+        (WTF::customSetValue):
+        (WTF::JSTestCustomGetterSetter::finishCreation):
+        (WTF::Element::handleOwner):
+        (WTF::Element::finishCreation):
+        (JSC::functionCrash):
+        (JSC::functionCreateProxy):
+        (JSC::functionCreateRuntimeArray):
+        (JSC::functionCreateImpureGetter):
+        (JSC::functionCreateCustomGetterObject):
+        (JSC::functionCreateDOMJITNodeObject):
+        (JSC::functionCreateDOMJITGetterObject):
+        (JSC::functionCreateDOMJITGetterComplexObject):
+        (JSC::functionCreateDOMJITFunctionObject):
+        (JSC::functionCreateDOMJITCheckSubClassObject):
+        (JSC::functionCreateDOMJITGetterBaseJSObject):
+        (JSC::functionSetImpureGetterDelegate):
+        (JSC::functionCreateBuiltin):
+        (JSC::functionCreateRoot):
+        (JSC::functionCreateElement):
+        (JSC::functionGetElement):
+        (JSC::functionCreateSimpleObject):
+        (JSC::functionGetHiddenValue):
+        (JSC::functionSetHiddenValue):
+        (JSC::functionShadowChickenFunctionsOnStack):
+        (JSC::functionSetGlobalConstRedeclarationShouldNotThrow):
+        (JSC::functionFindTypeForExpression):
+        (JSC::functionReturnTypeFor):
+        (JSC::functionDumpBasicBlockExecutionRanges):
+        (JSC::functionHasBasicBlockExecuted):
+        (JSC::functionBasicBlockExecutionCount):
+        (JSC::functionEnableExceptionFuzz):
+        (JSC::functionGlobalObjectForObject):
+        (JSC::functionGetGetterSetter):
+        (JSC::functionLoadGetterFromGetterSetter):
+        (JSC::functionCreateCustomTestGetterSetter):
+        (JSC::JSDollarVM::finishCreation):
+        (JSC::JSDollarVM::addFunction):
+        (JSC::JSDollarVM::addConstructibleFunction):
+        * tools/JSDollarVM.h:
+        (JSC::JSDollarVM::create):
+
 2017-11-23  Simon Fraser  <simon.fraser@apple.com>
 
         Minor ArrayBufferView cleanup
index b9f7830..75eacac 100644 (file)
 
 #include "ArrayBuffer.h"
 #include "ArrayPrototype.h"
-#include "BuiltinExecutableCreator.h"
 #include "BuiltinNames.h"
 #include "ButterflyInlines.h"
 #include "CatchScope.h"
 #include "CodeBlock.h"
 #include "Completion.h"
 #include "ConfigFile.h"
-#include "DOMAttributeGetterSetter.h"
-#include "DOMJITGetterSetter.h"
 #include "Disassembler.h"
 #include "Exception.h"
 #include "ExceptionHelpers.h"
-#include "FrameTracers.h"
-#include "GetterSetter.h"
 #include "HeapProfiler.h"
 #include "HeapSnapshotBuilder.h"
 #include "InitializeThreading.h"
@@ -53,7 +48,6 @@
 #include "JSModuleLoader.h"
 #include "JSNativeStdFunction.h"
 #include "JSONObject.h"
-#include "JSProxy.h"
 #include "JSSourceCode.h"
 #include "JSString.h"
 #include "JSTypedArrays.h"
 #include "ProtoCallFrame.h"
 #include "ReleaseHeapAccessScope.h"
 #include "SamplingProfiler.h"
-#include "ShadowChicken.h"
-#include "Snippet.h"
-#include "SnippetParams.h"
 #include "StackVisitor.h"
 #include "StructureInlines.h"
 #include "StructureRareDataInlines.h"
 #include "SuperSampler.h"
 #include "TestRunnerUtils.h"
-#include "TypeProfiler.h"
-#include "TypeProfilerLog.h"
 #include "TypedArrayInlines.h"
 #include "WasmContext.h"
 #include "WasmFaultSignalHandler.h"
@@ -162,64 +151,6 @@ NO_RETURN_WITH_VALUE static void jscExit(int status)
     exit(status);
 }
 
-class Element;
-class ElementHandleOwner;
-class Masuqerader;
-class Root;
-class RuntimeArray;
-
-class Element : public JSNonFinalObject {
-public:
-    Element(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    typedef JSNonFinalObject Base;
-
-    Root* root() const { return m_root.get(); }
-    void setRoot(VM& vm, Root* root) { m_root.set(vm, this, root); }
-
-    static Element* create(VM& vm, JSGlobalObject* globalObject, Root* root)
-    {
-        Structure* structure = createStructure(vm, globalObject, jsNull());
-        Element* element = new (NotNull, allocateCell<Element>(vm.heap, sizeof(Element))) Element(vm, structure);
-        element->finishCreation(vm, root);
-        return element;
-    }
-
-    void finishCreation(VM&, Root*);
-
-    static void visitChildren(JSCell* cell, SlotVisitor& visitor)
-    {
-        Element* thisObject = jsCast<Element*>(cell);
-        ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-        Base::visitChildren(thisObject, visitor);
-        visitor.append(thisObject->m_root);
-    }
-
-    static ElementHandleOwner* handleOwner();
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
-    }
-
-    DECLARE_INFO;
-
-private:
-    WriteBarrier<Root> m_root;
-};
-
-class ElementHandleOwner : public WeakHandleOwner {
-public:
-    bool isReachableFromOpaqueRoots(Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor) override
-    {
-        Element* element = jsCast<Element*>(handle.slot()->asCell());
-        return visitor.containsOpaqueRoot(element->root());
-    }
-};
-
 class Masquerader : public JSNonFinalObject {
 public:
     Masquerader(VM& vm, Structure* structure)
@@ -247,835 +178,10 @@ public:
     DECLARE_INFO;
 };
 
-class Root : public JSDestructibleObject {
-public:
-    Root(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    Element* element()
-    {
-        return m_element.get();
-    }
-
-    void setElement(Element* element)
-    {
-        Weak<Element> newElement(element, Element::handleOwner());
-        m_element.swap(newElement);
-    }
-
-    static Root* create(VM& vm, JSGlobalObject* globalObject)
-    {
-        Structure* structure = createStructure(vm, globalObject, jsNull());
-        Root* root = new (NotNull, allocateCell<Root>(vm.heap, sizeof(Root))) Root(vm, structure);
-        root->finishCreation(vm);
-        return root;
-    }
-
-    typedef JSDestructibleObject Base;
-
-    DECLARE_INFO;
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
-    }
-
-    static void visitChildren(JSCell* thisObject, SlotVisitor& visitor)
-    {
-        Base::visitChildren(thisObject, visitor);
-        visitor.addOpaqueRoot(thisObject);
-    }
-
-private:
-    Weak<Element> m_element;
-};
-
-class ImpureGetter : public JSNonFinalObject {
-public:
-    ImpureGetter(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    DECLARE_INFO;
-    typedef JSNonFinalObject Base;
-    static const unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpure | JSC::OverridesGetOwnPropertySlot;
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
-    }
-
-    static ImpureGetter* create(VM& vm, Structure* structure, JSObject* delegate)
-    {
-        ImpureGetter* getter = new (NotNull, allocateCell<ImpureGetter>(vm.heap, sizeof(ImpureGetter))) ImpureGetter(vm, structure);
-        getter->finishCreation(vm, delegate);
-        return getter;
-    }
-
-    void finishCreation(VM& vm, JSObject* delegate)
-    {
-        Base::finishCreation(vm);
-        if (delegate)
-            m_delegate.set(vm, this, delegate);
-    }
-
-    static bool getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName name, PropertySlot& slot)
-    {
-        VM& vm = exec->vm();
-        auto scope = DECLARE_THROW_SCOPE(vm);
-        ImpureGetter* thisObject = jsCast<ImpureGetter*>(object);
-        
-        if (thisObject->m_delegate) {
-            if (thisObject->m_delegate->getPropertySlot(exec, name, slot))
-                return true;
-            RETURN_IF_EXCEPTION(scope, false);
-        }
-
-        return Base::getOwnPropertySlot(object, exec, name, slot);
-    }
-
-    static void visitChildren(JSCell* cell, SlotVisitor& visitor)
-    {
-        Base::visitChildren(cell, visitor);
-        ImpureGetter* thisObject = jsCast<ImpureGetter*>(cell);
-        visitor.append(thisObject->m_delegate);
-    }
-
-    void setDelegate(VM& vm, JSObject* delegate)
-    {
-        m_delegate.set(vm, this, delegate);
-    }
-
-private:
-    WriteBarrier<JSObject> m_delegate;
-};
-
-class CustomGetter : public JSNonFinalObject {
-public:
-    CustomGetter(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    DECLARE_INFO;
-    typedef JSNonFinalObject Base;
-    static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot;
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
-    }
-
-    static CustomGetter* create(VM& vm, Structure* structure)
-    {
-        CustomGetter* getter = new (NotNull, allocateCell<CustomGetter>(vm.heap, sizeof(CustomGetter))) CustomGetter(vm, structure);
-        getter->finishCreation(vm);
-        return getter;
-    }
-
-    static bool getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
-    {
-        CustomGetter* thisObject = jsCast<CustomGetter*>(object);
-        if (propertyName == PropertyName(Identifier::fromString(exec, "customGetter"))) {
-            slot.setCacheableCustom(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum, thisObject->customGetter);
-            return true;
-        }
-        
-        if (propertyName == PropertyName(Identifier::fromString(exec, "customGetterAccessor"))) {
-            slot.setCacheableCustom(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum | PropertyAttribute::CustomAccessor, thisObject->customGetterAcessor);
-            return true;
-        }
-        
-        return JSObject::getOwnPropertySlot(thisObject, exec, propertyName, slot);
-    }
-
-private:
-    static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
-    {
-        VM& vm = exec->vm();
-        auto scope = DECLARE_THROW_SCOPE(vm);
-
-        CustomGetter* thisObject = jsDynamicCast<CustomGetter*>(vm, JSValue::decode(thisValue));
-        if (!thisObject)
-            return throwVMTypeError(exec, scope);
-        bool shouldThrow = thisObject->get(exec, PropertyName(Identifier::fromString(exec, "shouldThrow"))).toBoolean(exec);
-        RETURN_IF_EXCEPTION(scope, encodedJSValue());
-        if (shouldThrow)
-            return throwVMTypeError(exec, scope);
-        return JSValue::encode(jsNumber(100));
-    }
-    
-    static EncodedJSValue customGetterAcessor(ExecState* exec, EncodedJSValue thisValue, PropertyName)
-    {
-        VM& vm = exec->vm();
-        auto scope = DECLARE_THROW_SCOPE(vm);
-        
-        JSObject* thisObject = jsDynamicCast<JSObject*>(vm, JSValue::decode(thisValue));
-        if (!thisObject)
-            return throwVMTypeError(exec, scope);
-        bool shouldThrow = thisObject->get(exec, PropertyName(Identifier::fromString(exec, "shouldThrow"))).toBoolean(exec);
-        RETURN_IF_EXCEPTION(scope, encodedJSValue());
-        if (shouldThrow)
-            return throwVMTypeError(exec, scope);
-        return JSValue::encode(jsNumber(100));
-    }
-};
-
-class RuntimeArray : public JSArray {
-public:
-    typedef JSArray Base;
-    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames;
-
-    static RuntimeArray* create(ExecState* exec)
-    {
-        VM& vm = exec->vm();
-        JSGlobalObject* globalObject = exec->lexicalGlobalObject();
-        Structure* structure = createStructure(vm, globalObject, createPrototype(vm, globalObject));
-        RuntimeArray* runtimeArray = new (NotNull, allocateCell<RuntimeArray>(vm.heap)) RuntimeArray(exec, structure);
-        runtimeArray->finishCreation(exec);
-        vm.heap.addFinalizer(runtimeArray, destroy);
-        return runtimeArray;
-    }
-
-    ~RuntimeArray() { }
-
-    static void destroy(JSCell* cell)
-    {
-        static_cast<RuntimeArray*>(cell)->RuntimeArray::~RuntimeArray();
-    }
-
-    static const bool needsDestruction = false;
-
-    static bool getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
-    {
-        VM& vm = exec->vm();
-        RuntimeArray* thisObject = jsCast<RuntimeArray*>(object);
-        if (propertyName == vm.propertyNames->length) {
-            slot.setCacheableCustom(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum, thisObject->lengthGetter);
-            return true;
-        }
-
-        std::optional<uint32_t> index = parseIndex(propertyName);
-        if (index && index.value() < thisObject->getLength()) {
-            slot.setValue(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::DontEnum, jsNumber(thisObject->m_vector[index.value()]));
-            return true;
-        }
-
-        return JSObject::getOwnPropertySlot(thisObject, exec, propertyName, slot);
-    }
-
-    static bool getOwnPropertySlotByIndex(JSObject* object, ExecState* exec, unsigned index, PropertySlot& slot)
-    {
-        RuntimeArray* thisObject = jsCast<RuntimeArray*>(object);
-        if (index < thisObject->getLength()) {
-            slot.setValue(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::DontEnum, jsNumber(thisObject->m_vector[index]));
-            return true;
-        }
-
-        return JSObject::getOwnPropertySlotByIndex(thisObject, exec, index, slot);
-    }
-
-    static NO_RETURN_DUE_TO_CRASH bool put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&)
-    {
-        RELEASE_ASSERT_NOT_REACHED();
-    }
-
-    static NO_RETURN_DUE_TO_CRASH bool deleteProperty(JSCell*, ExecState*, PropertyName)
-    {
-        RELEASE_ASSERT_NOT_REACHED();
-    }
-
-    unsigned getLength() const { return m_vector.size(); }
-
-    DECLARE_INFO;
-
-    static ArrayPrototype* createPrototype(VM&, JSGlobalObject* globalObject)
-    {
-        return globalObject->arrayPrototype();
-    }
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(DerivedArrayType, StructureFlags), info(), ArrayClass);
-    }
-
-protected:
-    void finishCreation(ExecState* exec)
-    {
-        VM& vm = exec->vm();
-        Base::finishCreation(vm);
-        ASSERT(inherits(vm, info()));
-
-        for (size_t i = 0; i < exec->argumentCount(); i++)
-            m_vector.append(exec->argument(i).toInt32(exec));
-    }
-
-private:
-    RuntimeArray(ExecState* exec, Structure* structure)
-        : JSArray(exec->vm(), structure, 0)
-    {
-    }
-
-    static EncodedJSValue lengthGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
-    {
-        VM& vm = exec->vm();
-        auto scope = DECLARE_THROW_SCOPE(vm);
-
-        RuntimeArray* thisObject = jsDynamicCast<RuntimeArray*>(vm, JSValue::decode(thisValue));
-        if (!thisObject)
-            return throwVMTypeError(exec, scope);
-        return JSValue::encode(jsNumber(thisObject->getLength()));
-    }
-
-    Vector<int> m_vector;
-};
-
-class SimpleObject : public JSNonFinalObject {
-public:
-    SimpleObject(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    typedef JSNonFinalObject Base;
-    static const bool needsDestruction = false;
-
-    static SimpleObject* create(VM& vm, JSGlobalObject* globalObject)
-    {
-        Structure* structure = createStructure(vm, globalObject, jsNull());
-        SimpleObject* simpleObject = new (NotNull, allocateCell<SimpleObject>(vm.heap, sizeof(SimpleObject))) SimpleObject(vm, structure);
-        simpleObject->finishCreation(vm);
-        return simpleObject;
-    }
-
-    static void visitChildren(JSCell* cell, SlotVisitor& visitor)
-    {
-        SimpleObject* thisObject = jsCast<SimpleObject*>(cell);
-        ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-        Base::visitChildren(thisObject, visitor);
-        visitor.append(thisObject->m_hiddenValue);
-    }
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
-    }
-
-    JSValue hiddenValue()
-    {
-        return m_hiddenValue.get();
-    }
-
-    void setHiddenValue(VM& vm, JSValue value)
-    {
-        ASSERT(value.isCell());
-        m_hiddenValue.set(vm, this, value);
-    }
-
-    DECLARE_INFO;
-
-private:
-    WriteBarrier<JSC::Unknown> m_hiddenValue;
-};
-
-class DOMJITNode : public JSNonFinalObject {
-public:
-    DOMJITNode(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    DECLARE_INFO;
-    typedef JSNonFinalObject Base;
-    static const unsigned StructureFlags = Base::StructureFlags;
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
-    }
-
-#if ENABLE(JIT)
-    static Ref<Snippet> checkSubClassSnippet()
-    {
-        Ref<Snippet> snippet = Snippet::create();
-        snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
-            CCallHelpers::JumpList failureCases;
-            failureCases.append(jit.branch8(
-                CCallHelpers::NotEqual,
-                CCallHelpers::Address(params[0].gpr(), JSCell::typeInfoTypeOffset()),
-                CCallHelpers::TrustedImm32(JSC::JSType(LastJSCObjectType + 1))));
-            return failureCases;
-        });
-        return snippet;
-    }
-#endif
-
-    static DOMJITNode* create(VM& vm, Structure* structure)
-    {
-        DOMJITNode* getter = new (NotNull, allocateCell<DOMJITNode>(vm.heap, sizeof(DOMJITNode))) DOMJITNode(vm, structure);
-        getter->finishCreation(vm);
-        return getter;
-    }
-
-    int32_t value() const
-    {
-        return m_value;
-    }
-
-    static ptrdiff_t offsetOfValue() { return OBJECT_OFFSETOF(DOMJITNode, m_value); }
-
-private:
-    int32_t m_value { 42 };
-};
-
-class DOMJITGetter : public DOMJITNode {
-public:
-    DOMJITGetter(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    DECLARE_INFO;
-    typedef DOMJITNode Base;
-    static const unsigned StructureFlags = Base::StructureFlags;
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
-    }
-
-    static DOMJITGetter* create(VM& vm, Structure* structure)
-    {
-        DOMJITGetter* getter = new (NotNull, allocateCell<DOMJITGetter>(vm.heap, sizeof(DOMJITGetter))) DOMJITGetter(vm, structure);
-        getter->finishCreation(vm);
-        return getter;
-    }
-
-    class DOMJITAttribute : public DOMJIT::GetterSetter {
-    public:
-        constexpr DOMJITAttribute()
-            : DOMJIT::GetterSetter(
-                DOMJITGetter::customGetter,
-#if ENABLE(JIT)
-                &callDOMGetter,
-#else
-                nullptr,
-#endif
-                SpecInt32Only)
-        {
-        }
-
-#if ENABLE(JIT)
-        static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
-        {
-            VM& vm = exec->vm();
-            NativeCallFrameTracer tracer(&vm, exec);
-            return JSValue::encode(jsNumber(static_cast<DOMJITGetter*>(pointer)->value()));
-        }
-
-        static Ref<DOMJIT::CallDOMGetterSnippet> callDOMGetter()
-        {
-            Ref<DOMJIT::CallDOMGetterSnippet> snippet = DOMJIT::CallDOMGetterSnippet::create();
-            snippet->requireGlobalObject = false;
-            snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
-                JSValueRegs results = params[0].jsValueRegs();
-                GPRReg dom = params[1].gpr();
-                params.addSlowPathCall(jit.jump(), jit, slowCall, results, dom);
-                return CCallHelpers::JumpList();
-
-            });
-            return snippet;
-        }
-#endif
-    };
-
-private:
-    void finishCreation(VM&);
-
-    static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
-    {
-        VM& vm = exec->vm();
-        DOMJITNode* thisObject = jsDynamicCast<DOMJITNode*>(vm, JSValue::decode(thisValue));
-        ASSERT(thisObject);
-        return JSValue::encode(jsNumber(thisObject->value()));
-    }
-};
-
-static const DOMJITGetter::DOMJITAttribute DOMJITGetterDOMJIT;
-
-void DOMJITGetter::finishCreation(VM& vm)
-{
-    Base::finishCreation(vm);
-    const DOMJIT::GetterSetter* domJIT = &DOMJITGetterDOMJIT;
-    auto* customGetterSetter = DOMAttributeGetterSetter::create(vm, domJIT->getter(), nullptr, DOMAttributeAnnotation { DOMJITNode::info(), domJIT });
-    putDirectCustomAccessor(vm, Identifier::fromString(&vm, "customGetter"), customGetterSetter, PropertyAttribute::ReadOnly | PropertyAttribute::CustomAccessor);
-}
-
-class DOMJITGetterComplex : public DOMJITNode {
-public:
-    DOMJITGetterComplex(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    DECLARE_INFO;
-    typedef DOMJITNode Base;
-    static const unsigned StructureFlags = Base::StructureFlags;
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
-    }
-
-    static DOMJITGetterComplex* create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
-    {
-        DOMJITGetterComplex* getter = new (NotNull, allocateCell<DOMJITGetterComplex>(vm.heap, sizeof(DOMJITGetterComplex))) DOMJITGetterComplex(vm, structure);
-        getter->finishCreation(vm, globalObject);
-        return getter;
-    }
-
-    class DOMJITAttribute : public DOMJIT::GetterSetter {
-    public:
-        constexpr DOMJITAttribute()
-            : DOMJIT::GetterSetter(
-                DOMJITGetterComplex::customGetter,
-#if ENABLE(JIT)
-                &callDOMGetter,
-#else
-                nullptr,
-#endif
-                SpecInt32Only)
-        {
-        }
-
-#if ENABLE(JIT)
-        static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
-        {
-            VM& vm = exec->vm();
-            NativeCallFrameTracer tracer(&vm, exec);
-            auto scope = DECLARE_THROW_SCOPE(vm);
-            auto* object = static_cast<DOMJITNode*>(pointer);
-            auto* domjitGetterComplex = jsDynamicCast<DOMJITGetterComplex*>(vm, object);
-            if (domjitGetterComplex) {
-                if (domjitGetterComplex->m_enableException)
-                    return JSValue::encode(throwException(exec, scope, createError(exec, ASCIILiteral("DOMJITGetterComplex slow call exception"))));
-            }
-            return JSValue::encode(jsNumber(object->value()));
-        }
-
-        static Ref<DOMJIT::CallDOMGetterSnippet> callDOMGetter()
-        {
-            Ref<DOMJIT::CallDOMGetterSnippet> snippet = DOMJIT::CallDOMGetterSnippet::create();
-            static_assert(GPRInfo::numberOfRegisters >= 4, "Number of registers should be larger or equal to 4.");
-            unsigned numGPScratchRegisters = GPRInfo::numberOfRegisters - 4;
-            snippet->numGPScratchRegisters = numGPScratchRegisters;
-            snippet->numFPScratchRegisters = 3;
-            snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
-                JSValueRegs results = params[0].jsValueRegs();
-                GPRReg domGPR = params[1].gpr();
-                for (unsigned i = 0; i < numGPScratchRegisters; ++i)
-                    jit.move(CCallHelpers::TrustedImm32(42), params.gpScratch(i));
-
-                params.addSlowPathCall(jit.jump(), jit, slowCall, results, domGPR);
-                return CCallHelpers::JumpList();
-            });
-            return snippet;
-        }
-#endif
-    };
-
-private:
-    void finishCreation(VM&, JSGlobalObject*);
-
-    static EncodedJSValue JSC_HOST_CALL functionEnableException(ExecState* exec)
-    {
-        VM& vm = exec->vm();
-        auto* object = jsDynamicCast<DOMJITGetterComplex*>(vm, exec->thisValue());
-        if (object)
-            object->m_enableException = true;
-        return JSValue::encode(jsUndefined());
-    }
-
-    static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
-    {
-        VM& vm = exec->vm();
-        auto scope = DECLARE_THROW_SCOPE(vm);
-
-        auto* thisObject = jsDynamicCast<DOMJITGetterComplex*>(vm, JSValue::decode(thisValue));
-        ASSERT(thisObject);
-        if (thisObject->m_enableException)
-            return JSValue::encode(throwException(exec, scope, createError(exec, ASCIILiteral("DOMJITGetterComplex slow call exception"))));
-        return JSValue::encode(jsNumber(thisObject->value()));
-    }
-
-    bool m_enableException { false };
-};
-
-static const DOMJITGetterComplex::DOMJITAttribute DOMJITGetterComplexDOMJIT;
-
-void DOMJITGetterComplex::finishCreation(VM& vm, JSGlobalObject* globalObject)
-{
-    Base::finishCreation(vm);
-    const DOMJIT::GetterSetter* domJIT = &DOMJITGetterComplexDOMJIT;
-    auto* customGetterSetter = DOMAttributeGetterSetter::create(vm, domJIT->getter(), nullptr, DOMAttributeAnnotation { DOMJITGetterComplex::info(), domJIT });
-    putDirectCustomAccessor(vm, Identifier::fromString(&vm, "customGetter"), customGetterSetter, PropertyAttribute::ReadOnly | PropertyAttribute::CustomAccessor);
-    putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "enableException"), 0, functionEnableException, NoIntrinsic, 0);
-}
-
-class DOMJITFunctionObject : public DOMJITNode {
-public:
-    DOMJITFunctionObject(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    DECLARE_INFO;
-    typedef DOMJITNode Base;
-    static const unsigned StructureFlags = Base::StructureFlags;
-
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
-    }
-
-    static DOMJITFunctionObject* create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
-    {
-        DOMJITFunctionObject* object = new (NotNull, allocateCell<DOMJITFunctionObject>(vm.heap, sizeof(DOMJITFunctionObject))) DOMJITFunctionObject(vm, structure);
-        object->finishCreation(vm, globalObject);
-        return object;
-    }
-
-    static EncodedJSValue JSC_HOST_CALL safeFunction(ExecState* exec)
-    {
-        VM& vm = exec->vm();
-        auto scope = DECLARE_THROW_SCOPE(vm);
-
-        DOMJITNode* thisObject = jsDynamicCast<DOMJITNode*>(vm, exec->thisValue());
-        if (!thisObject)
-            return throwVMTypeError(exec, scope);
-        return JSValue::encode(jsNumber(thisObject->value()));
-    }
-
-    static EncodedJSValue JIT_OPERATION unsafeFunction(ExecState* exec, DOMJITNode* node)
-    {
-        VM& vm = exec->vm();
-        NativeCallFrameTracer tracer(&vm, exec);
-        return JSValue::encode(jsNumber(node->value()));
-    }
-
-#if ENABLE(JIT)
-    static Ref<Snippet> checkSubClassSnippet()
-    {
-        Ref<Snippet> snippet = Snippet::create();
-        snippet->numFPScratchRegisters = 1;
-        snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
-            static const double value = 42.0;
-            CCallHelpers::JumpList failureCases;
-            // May use scratch registers.
-            jit.loadDouble(CCallHelpers::TrustedImmPtr(&value), params.fpScratch(0));
-            failureCases.append(jit.branch8(
-                CCallHelpers::NotEqual,
-                CCallHelpers::Address(params[0].gpr(), JSCell::typeInfoTypeOffset()),
-                CCallHelpers::TrustedImm32(JSC::JSType(LastJSCObjectType + 1))));
-            return failureCases;
-        });
-        return snippet;
-    }
-#endif
-
-private:
-    void finishCreation(VM&, JSGlobalObject*);
-};
-
-static const DOMJIT::Signature DOMJITFunctionObjectSignature((uintptr_t)DOMJITFunctionObject::unsafeFunction, DOMJITFunctionObject::info(), DOMJIT::Effect::forRead(DOMJIT::HeapRange::top()), SpecInt32Only);
-
-void DOMJITFunctionObject::finishCreation(VM& vm, JSGlobalObject* globalObject)
-{
-    Base::finishCreation(vm);
-    putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "func"), 0, safeFunction, NoIntrinsic, &DOMJITFunctionObjectSignature, static_cast<unsigned>(PropertyAttribute::ReadOnly));
-}
-
-class DOMJITCheckSubClassObject : public DOMJITNode {
-public:
-    DOMJITCheckSubClassObject(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    DECLARE_INFO;
-    typedef DOMJITNode Base;
-    static const unsigned StructureFlags = Base::StructureFlags;
-
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
-    }
-
-    static DOMJITCheckSubClassObject* create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
-    {
-        DOMJITCheckSubClassObject* object = new (NotNull, allocateCell<DOMJITCheckSubClassObject>(vm.heap, sizeof(DOMJITCheckSubClassObject))) DOMJITCheckSubClassObject(vm, structure);
-        object->finishCreation(vm, globalObject);
-        return object;
-    }
-
-    static EncodedJSValue JSC_HOST_CALL safeFunction(ExecState* exec)
-    {
-        VM& vm = exec->vm();
-        auto scope = DECLARE_THROW_SCOPE(vm);
-
-        auto* thisObject = jsDynamicCast<DOMJITCheckSubClassObject*>(vm, exec->thisValue());
-        if (!thisObject)
-            return throwVMTypeError(exec, scope);
-        return JSValue::encode(jsNumber(thisObject->value()));
-    }
-
-    static EncodedJSValue JIT_OPERATION unsafeFunction(ExecState* exec, DOMJITNode* node)
-    {
-        VM& vm = exec->vm();
-        NativeCallFrameTracer tracer(&vm, exec);
-        return JSValue::encode(jsNumber(node->value()));
-    }
-
-private:
-    void finishCreation(VM&, JSGlobalObject*);
-};
-
-static const DOMJIT::Signature DOMJITCheckSubClassObjectSignature((uintptr_t)DOMJITCheckSubClassObject::unsafeFunction, DOMJITCheckSubClassObject::info(), DOMJIT::Effect::forRead(DOMJIT::HeapRange::top()), SpecInt32Only);
-
-void DOMJITCheckSubClassObject::finishCreation(VM& vm, JSGlobalObject* globalObject)
-{
-    Base::finishCreation(vm);
-    putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "func"), 0, safeFunction, NoIntrinsic, &DOMJITCheckSubClassObjectSignature, static_cast<unsigned>(PropertyAttribute::ReadOnly));
-}
-
-class DOMJITGetterBaseJSObject : public DOMJITNode {
-public:
-    DOMJITGetterBaseJSObject(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-
-    DECLARE_INFO;
-    using Base = DOMJITNode;
-    static const unsigned StructureFlags = Base::StructureFlags;
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
-    {
-        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
-    }
-
-    static DOMJITGetterBaseJSObject* create(VM& vm, Structure* structure)
-    {
-        DOMJITGetterBaseJSObject* getter = new (NotNull, allocateCell<DOMJITGetterBaseJSObject>(vm.heap, sizeof(DOMJITGetterBaseJSObject))) DOMJITGetterBaseJSObject(vm, structure);
-        getter->finishCreation(vm);
-        return getter;
-    }
-
-    class DOMJITAttribute : public DOMJIT::GetterSetter {
-    public:
-        constexpr DOMJITAttribute()
-            : DOMJIT::GetterSetter(
-                DOMJITGetterBaseJSObject::customGetter,
-#if ENABLE(JIT)
-                &callDOMGetter,
-#else
-                nullptr,
-#endif
-                SpecBytecodeTop)
-        {
-        }
-
-#if ENABLE(JIT)
-        static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
-        {
-            VM& vm = exec->vm();
-            NativeCallFrameTracer tracer(&vm, exec);
-            JSObject* object = static_cast<JSObject*>(pointer);
-            return JSValue::encode(object->getPrototypeDirect(vm));
-        }
-
-        static Ref<DOMJIT::CallDOMGetterSnippet> callDOMGetter()
-        {
-            Ref<DOMJIT::CallDOMGetterSnippet> snippet = DOMJIT::CallDOMGetterSnippet::create();
-            snippet->requireGlobalObject = false;
-            snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
-                JSValueRegs results = params[0].jsValueRegs();
-                GPRReg dom = params[1].gpr();
-                params.addSlowPathCall(jit.jump(), jit, slowCall, results, dom);
-                return CCallHelpers::JumpList();
-
-            });
-            return snippet;
-        }
-#endif
-    };
-
-private:
-    void finishCreation(VM&);
-
-    static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
-    {
-        VM& vm = exec->vm();
-        JSObject* thisObject = jsDynamicCast<JSObject*>(vm, JSValue::decode(thisValue));
-        RELEASE_ASSERT(thisObject);
-        return JSValue::encode(thisObject->getPrototypeDirect(vm));
-    }
-};
-
-static const DOMJITGetterBaseJSObject::DOMJITAttribute DOMJITGetterBaseJSObjectDOMJIT;
-
-void DOMJITGetterBaseJSObject::finishCreation(VM& vm)
-{
-    Base::finishCreation(vm);
-    const DOMJIT::GetterSetter* domJIT = &DOMJITGetterBaseJSObjectDOMJIT;
-    auto* customGetterSetter = DOMAttributeGetterSetter::create(vm, domJIT->getter(), nullptr, DOMAttributeAnnotation { JSObject::info(), domJIT });
-    putDirectCustomAccessor(vm, Identifier::fromString(&vm, "customGetter"), customGetterSetter, PropertyAttribute::ReadOnly | PropertyAttribute::CustomAccessor);
-}
-
-const ClassInfo Element::s_info = { "Element", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(Element) };
 const ClassInfo Masquerader::s_info = { "Masquerader", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(Masquerader) };
-const ClassInfo Root::s_info = { "Root", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(Root) };
-const ClassInfo ImpureGetter::s_info = { "ImpureGetter", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(ImpureGetter) };
-const ClassInfo CustomGetter::s_info = { "CustomGetter", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(CustomGetter) };
-#if ENABLE(JIT)
-const ClassInfo DOMJITNode::s_info = { "DOMJITNode", &Base::s_info, nullptr, &DOMJITNode::checkSubClassSnippet, CREATE_METHOD_TABLE(DOMJITNode) };
-#else
-const ClassInfo DOMJITNode::s_info = { "DOMJITNode", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITNode) };
-#endif
-const ClassInfo DOMJITGetter::s_info = { "DOMJITGetter", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITGetter) };
-const ClassInfo DOMJITGetterComplex::s_info = { "DOMJITGetterComplex", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITGetterComplex) };
-const ClassInfo DOMJITGetterBaseJSObject::s_info = { "DOMJITGetterBaseJSObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITGetterBaseJSObject) };
-#if ENABLE(JIT)
-const ClassInfo DOMJITFunctionObject::s_info = { "DOMJITFunctionObject", &Base::s_info, nullptr, &DOMJITFunctionObject::checkSubClassSnippet, CREATE_METHOD_TABLE(DOMJITFunctionObject) };
-#else
-const ClassInfo DOMJITFunctionObject::s_info = { "DOMJITFunctionObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITFunctionObject) };
-#endif
-const ClassInfo DOMJITCheckSubClassObject::s_info = { "DOMJITCheckSubClassObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITCheckSubClassObject) };
-const ClassInfo RuntimeArray::s_info = { "RuntimeArray", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(RuntimeArray) };
-const ClassInfo SimpleObject::s_info = { "SimpleObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(SimpleObject) };
 static unsigned asyncTestPasses { 0 };
 static unsigned asyncTestExpectedPasses { 0 };
 
-ElementHandleOwner* Element::handleOwner()
-{
-    static ElementHandleOwner* owner = 0;
-    if (!owner)
-        owner = new ElementHandleOwner();
-    return owner;
-}
-
-void Element::finishCreation(VM& vm, Root* root)
-{
-    Base::finishCreation(vm);
-    setRoot(vm, root);
-    m_root->setElement(this);
-}
-
 }
 
 static bool fillBufferWithContentsOfFile(const String& fileName, Vector<char>& buffer);
@@ -1142,107 +248,9 @@ private:
     Deque<String> m_reports;
 };
 
-class JSTestCustomGetterSetter : public JSNonFinalObject {
-public:
-    using Base = JSNonFinalObject;
-    static const unsigned StructureFlags = Base::StructureFlags;
-
-    JSTestCustomGetterSetter(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    { }
-
-    static JSTestCustomGetterSetter* create(VM& vm, JSGlobalObject*, Structure* structure)
-    {
-        JSTestCustomGetterSetter* result = new (NotNull, allocateCell<JSTestCustomGetterSetter>(vm.heap, sizeof(JSTestCustomGetterSetter))) JSTestCustomGetterSetter(vm, structure);
-        result->finishCreation(vm);
-        return result;
-    }
-
-    void finishCreation(VM& vm);
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject)
-    {
-        return Structure::create(vm, globalObject, globalObject->objectPrototype(), TypeInfo(ObjectType, StructureFlags), info());
-    }
-
-    DECLARE_INFO;
-};
-
-
-static EncodedJSValue customGetAccessor(ExecState*, EncodedJSValue thisValue, PropertyName)
-{
-    // Passed |this|
-    return thisValue;
-}
-
-static EncodedJSValue customGetValue(ExecState* exec, EncodedJSValue slotValue, PropertyName)
-{
-    RELEASE_ASSERT(JSValue::decode(slotValue).inherits(exec->vm(), JSTestCustomGetterSetter::info()));
-    // Passed property holder.
-    return slotValue;
-}
-
-static bool customSetAccessor(ExecState* exec, EncodedJSValue thisObject, EncodedJSValue encodedValue)
-{
-    VM& vm = exec->vm();
-
-    JSValue value = JSValue::decode(encodedValue);
-    RELEASE_ASSERT(value.isObject());
-    JSObject* object = asObject(value);
-    PutPropertySlot slot(object);
-    object->put(object, exec, Identifier::fromString(&vm, "result"), JSValue::decode(thisObject), slot);
-
-    return true;
-}
-
-static bool customSetValue(ExecState* exec, EncodedJSValue slotValue, EncodedJSValue encodedValue)
-{
-    VM& vm = exec->vm();
 
-    RELEASE_ASSERT(JSValue::decode(slotValue).inherits(exec->vm(), JSTestCustomGetterSetter::info()));
-
-    JSValue value = JSValue::decode(encodedValue);
-    RELEASE_ASSERT(value.isObject());
-    JSObject* object = asObject(value);
-    PutPropertySlot slot(object);
-    object->put(object, exec, Identifier::fromString(&vm, "result"), JSValue::decode(slotValue), slot);
-
-    return true;
-}
-
-void JSTestCustomGetterSetter::finishCreation(VM& vm)
-{
-    Base::finishCreation(vm);
-
-    putDirectCustomAccessor(vm, Identifier::fromString(&vm, "customValue"),
-        CustomGetterSetter::create(vm, customGetValue, customSetValue), 0);
-    putDirectCustomAccessor(vm, Identifier::fromString(&vm, "customAccessor"),
-        CustomGetterSetter::create(vm, customGetAccessor, customSetAccessor), static_cast<unsigned>(PropertyAttribute::CustomAccessor));
-}
-
-const ClassInfo JSTestCustomGetterSetter::s_info = { "JSTestCustomGetterSetter", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSTestCustomGetterSetter) };
-
-static EncodedJSValue JSC_HOST_CALL functionCreateProxy(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateRuntimeArray(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateImpureGetter(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateCustomGetterObject(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITNodeObject(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterObject(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterComplexObject(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITFunctionObject(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITCheckSubClassObject(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterBaseJSObject(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateBuiltin(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionCreateGlobalObject(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionSetImpureGetterDelegate(ExecState*);
-
-static EncodedJSValue JSC_HOST_CALL functionSetElementRoot(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateRoot(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateElement(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionGetElement(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateSimpleObject(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionGetHiddenValue(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionSetHiddenValue(ExecState*);
+
 static EncodedJSValue JSC_HOST_CALL functionPrintStdOut(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionPrintStdErr(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionDebug(ExecState*);
@@ -1256,7 +264,6 @@ static EncodedJSValue JSC_HOST_CALL functionEdenGC(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionForceGCSlowPaths(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionHeapSize(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionAddressOf(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionGetGetterSetter(ExecState*);
 #ifndef NDEBUG
 static EncodedJSValue JSC_HOST_CALL functionDumpCallFrame(ExecState*);
 #endif
@@ -1280,7 +287,6 @@ static EncodedJSValue JSC_HOST_CALL functionReoptimizationRetryCount(ExecState*)
 static EncodedJSValue JSC_HOST_CALL functionTransferArrayBuffer(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionFailNextNewCodeBlock(ExecState*);
 static NO_RETURN_WITH_VALUE EncodedJSValue JSC_HOST_CALL functionQuit(ExecState*);
-static NO_RETURN_DUE_TO_CRASH EncodedJSValue JSC_HOST_CALL functionAbort(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionFalse1(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionFalse2(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionUndefined1(ExecState*);
@@ -1291,12 +297,6 @@ static EncodedJSValue JSC_HOST_CALL functionIdentity(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionMakeMasquerader(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionHasCustomProperties(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionDumpTypesForAllVariables(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionFindTypeForExpression(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionReturnTypeFor(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionDumpBasicBlockExecutionRanges(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionHasBasicBlockExecuted(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionBasicBlockExecutionCount(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionEnableExceptionFuzz(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionDrainMicrotasks(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionIs32BitPlatform(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionLoadModule(ExecState*);
@@ -1323,13 +323,10 @@ static EncodedJSValue JSC_HOST_CALL functionSetSamplingFlags(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionClearSamplingFlags(ExecState*);
 #endif
 
-static EncodedJSValue JSC_HOST_CALL functionShadowChickenFunctionsOnStack(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionSetGlobalConstRedeclarationShouldNotThrow(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionGetRandomSeed(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionSetRandomSeed(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionIsRope(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionCallerSourceOrigin(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionGlobalObjectForObject(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionDollarCreateRealm(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionDollarDetachArrayBuffer(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionDollarEvalScript(ExecState*);
@@ -1343,8 +340,6 @@ static EncodedJSValue JSC_HOST_CALL functionDollarAgentLeaving(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionWaitForReport(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionHeapCapacity(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionFlashHeapAccess(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionLoadGetterFromGetterSetter(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionCreateCustomTestGetterSetter(ExecState*);
 
 struct Script {
     enum class StrictMode {
@@ -1480,14 +475,12 @@ protected:
         addFunction(vm, "print", functionPrintStdOut, 1);
         addFunction(vm, "printErr", functionPrintStdErr, 1);
         addFunction(vm, "quit", functionQuit, 0);
-        addFunction(vm, "abort", functionAbort, 0);
         addFunction(vm, "gc", functionGCAndSweep, 0);
         addFunction(vm, "fullGC", functionFullGC, 0);
         addFunction(vm, "edenGC", functionEdenGC, 0);
         addFunction(vm, "forceGCSlowPaths", functionForceGCSlowPaths, 0);
         addFunction(vm, "gcHeapSize", functionHeapSize, 0);
         addFunction(vm, "addressOf", functionAddressOf, 1);
-        addFunction(vm, "getGetterSetter", functionGetGetterSetter, 2);
 #ifndef NDEBUG
         addFunction(vm, "dumpCallFrame", functionDumpCallFrame, 0);
 #endif
@@ -1518,17 +511,7 @@ protected:
         addFunction(vm, "setSamplingFlags", functionSetSamplingFlags, 1);
         addFunction(vm, "clearSamplingFlags", functionClearSamplingFlags, 1);
 #endif
-        addFunction(vm, "shadowChickenFunctionsOnStack", functionShadowChickenFunctionsOnStack, 0);
-        addFunction(vm, "setGlobalConstRedeclarationShouldNotThrow", functionSetGlobalConstRedeclarationShouldNotThrow, 0);
-        addConstructableFunction(vm, "Root", functionCreateRoot, 0);
-        addConstructableFunction(vm, "Element", functionCreateElement, 1);
-        addFunction(vm, "getElement", functionGetElement, 1);
-        addFunction(vm, "setElementRoot", functionSetElementRoot, 2);
-        
-        addConstructableFunction(vm, "SimpleObject", functionCreateSimpleObject, 0);
-        addFunction(vm, "getHiddenValue", functionGetHiddenValue, 1);
-        addFunction(vm, "setHiddenValue", functionSetHiddenValue, 2);
-        
+
         putDirectNativeFunction(vm, this, Identifier::fromString(&vm, "DFGTrue"), 0, functionFalse1, DFGTrueIntrinsic, static_cast<unsigned>(PropertyAttribute::DontEnum));
         putDirectNativeFunction(vm, this, Identifier::fromString(&vm, "OSRExit"), 0, functionUndefined1, OSRExitIntrinsic, static_cast<unsigned>(PropertyAttribute::DontEnum));
         putDirectNativeFunction(vm, this, Identifier::fromString(&vm, "isFinalTier"), 0, functionFalse2, IsFinalTierIntrinsic, static_cast<unsigned>(PropertyAttribute::DontEnum));
@@ -1540,30 +523,9 @@ protected:
         addFunction(vm, "makeMasquerader", functionMakeMasquerader, 0);
         addFunction(vm, "hasCustomProperties", functionHasCustomProperties, 0);
 
-        addFunction(vm, "createProxy", functionCreateProxy, 1);
-        addFunction(vm, "createRuntimeArray", functionCreateRuntimeArray, 0);
-
-        addFunction(vm, "createImpureGetter", functionCreateImpureGetter, 1);
-        addFunction(vm, "createCustomGetterObject", functionCreateCustomGetterObject, 0);
-        addFunction(vm, "createDOMJITNodeObject", functionCreateDOMJITNodeObject, 0);
-        addFunction(vm, "createDOMJITGetterObject", functionCreateDOMJITGetterObject, 0);
-        addFunction(vm, "createDOMJITGetterComplexObject", functionCreateDOMJITGetterComplexObject, 0);
-        addFunction(vm, "createDOMJITFunctionObject", functionCreateDOMJITFunctionObject, 0);
-        addFunction(vm, "createDOMJITCheckSubClassObject", functionCreateDOMJITCheckSubClassObject, 0);
-        addFunction(vm, "createDOMJITGetterBaseJSObject", functionCreateDOMJITGetterBaseJSObject, 0);
-        addFunction(vm, "createBuiltin", functionCreateBuiltin, 2);
         addFunction(vm, "createGlobalObject", functionCreateGlobalObject, 0);
-        addFunction(vm, "setImpureGetterDelegate", functionSetImpureGetterDelegate, 2);
 
         addFunction(vm, "dumpTypesForAllVariables", functionDumpTypesForAllVariables , 0);
-        addFunction(vm, "findTypeForExpression", functionFindTypeForExpression, 2);
-        addFunction(vm, "returnTypeFor", functionReturnTypeFor, 1);
-
-        addFunction(vm, "dumpBasicBlockExecutionRanges", functionDumpBasicBlockExecutionRanges , 0);
-        addFunction(vm, "hasBasicBlockExecuted", functionHasBasicBlockExecuted, 2);
-        addFunction(vm, "basicBlockExecutionCount", functionBasicBlockExecutionCount, 2);
-
-        addFunction(vm, "enableExceptionFuzz", functionEnableExceptionFuzz, 0);
 
         addFunction(vm, "drainMicrotasks", functionDrainMicrotasks, 0);
 
@@ -1572,8 +534,6 @@ protected:
         addFunction(vm, "isRope", functionIsRope, 1);
         addFunction(vm, "callerSourceOrigin", functionCallerSourceOrigin, 0);
 
-        addFunction(vm, "globalObjectForObject", functionGlobalObjectForObject, 1);
-
         addFunction(vm, "is32BitPlatform", functionIs32BitPlatform, 0);
 
         addFunction(vm, "loadModule", functionLoadModule, 1);
@@ -1635,9 +595,6 @@ protected:
 
         addFunction(vm, "heapCapacity", functionHeapCapacity, 0);
         addFunction(vm, "flashHeapAccess", functionFlashHeapAccess, 0);
-
-        addFunction(vm, "loadGetterFromGetterSetter", functionLoadGetterFromGetterSetter, 1);
-        addFunction(vm, "createCustomTestGetterSetter", functionCreateCustomTestGetterSetter, 1);
     }
     
     void addFunction(VM& vm, JSObject* object, const char* name, NativeFunction function, unsigned arguments)
@@ -1651,12 +608,6 @@ protected:
         addFunction(vm, this, name, function, arguments);
     }
     
-    void addConstructableFunction(VM& vm, const char* name, NativeFunction function, unsigned arguments)
-    {
-        Identifier identifier = Identifier::fromString(&vm, name);
-        putDirect(vm, identifier, JSFunction::create(vm, this, arguments, identifier.string(), function, NoIntrinsic, function));
-    }
-
     static JSInternalPromise* moduleLoaderImportModule(JSGlobalObject*, ExecState*, JSModuleLoader*, JSString*, JSValue, const SourceOrigin&);
     static Identifier moduleLoaderResolve(JSGlobalObject*, ExecState*, JSModuleLoader*, JSValue, JSValue, JSValue);
     static JSInternalPromise* moduleLoaderFetch(JSGlobalObject*, ExecState*, JSModuleLoader*, JSValue, JSValue, JSValue);
@@ -2125,202 +1076,6 @@ EncodedJSValue JSC_HOST_CALL functionJSCStack(ExecState* exec)
     return JSValue::encode(jsUndefined());
 }
 
-EncodedJSValue JSC_HOST_CALL functionCreateRoot(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    return JSValue::encode(Root::create(vm, exec->lexicalGlobalObject()));
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateElement(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    auto scope = DECLARE_THROW_SCOPE(vm);
-
-    Root* root = jsDynamicCast<Root*>(vm, exec->argument(0));
-    if (!root)
-        return JSValue::encode(throwException(exec, scope, createError(exec, ASCIILiteral("Cannot create Element without a Root."))));
-    return JSValue::encode(Element::create(vm, exec->lexicalGlobalObject(), root));
-}
-
-EncodedJSValue JSC_HOST_CALL functionGetElement(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    Root* root = jsDynamicCast<Root*>(vm, exec->argument(0));
-    if (!root)
-        return JSValue::encode(jsUndefined());
-    Element* result = root->element();
-    return JSValue::encode(result ? result : jsUndefined());
-}
-
-EncodedJSValue JSC_HOST_CALL functionSetElementRoot(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    Element* element = jsDynamicCast<Element*>(vm, exec->argument(0));
-    Root* root = jsDynamicCast<Root*>(vm, exec->argument(1));
-    if (element && root)
-        element->setRoot(vm, root);
-    return JSValue::encode(jsUndefined());
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateSimpleObject(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    return JSValue::encode(SimpleObject::create(vm, exec->lexicalGlobalObject()));
-}
-
-EncodedJSValue JSC_HOST_CALL functionGetHiddenValue(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    auto scope = DECLARE_THROW_SCOPE(vm);
-
-    SimpleObject* simpleObject = jsDynamicCast<SimpleObject*>(vm, exec->argument(0));
-    if (UNLIKELY(!simpleObject)) {
-        throwTypeError(exec, scope, ASCIILiteral("Invalid use of getHiddenValue test function"));
-        return encodedJSValue();
-    }
-    return JSValue::encode(simpleObject->hiddenValue());
-}
-
-EncodedJSValue JSC_HOST_CALL functionSetHiddenValue(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    auto scope = DECLARE_THROW_SCOPE(vm);
-
-    SimpleObject* simpleObject = jsDynamicCast<SimpleObject*>(vm, exec->argument(0));
-    if (UNLIKELY(!simpleObject)) {
-        throwTypeError(exec, scope, ASCIILiteral("Invalid use of setHiddenValue test function"));
-        return encodedJSValue();
-    }
-    JSValue value = exec->argument(1);
-    simpleObject->setHiddenValue(vm, value);
-    return JSValue::encode(jsUndefined());
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateProxy(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    JSValue target = exec->argument(0);
-    if (!target.isObject())
-        return JSValue::encode(jsUndefined());
-    JSObject* jsTarget = asObject(target.asCell());
-    Structure* structure = JSProxy::createStructure(vm, exec->lexicalGlobalObject(), jsTarget->getPrototypeDirect(vm), ImpureProxyType);
-    JSProxy* proxy = JSProxy::create(vm, structure, jsTarget);
-    return JSValue::encode(proxy);
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateRuntimeArray(ExecState* exec)
-{
-    JSLockHolder lock(exec);
-    RuntimeArray* array = RuntimeArray::create(exec);
-    return JSValue::encode(array);
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateImpureGetter(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    JSValue target = exec->argument(0);
-    JSObject* delegate = nullptr;
-    if (target.isObject())
-        delegate = asObject(target.asCell());
-    Structure* structure = ImpureGetter::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
-    ImpureGetter* result = ImpureGetter::create(vm, structure, delegate);
-    return JSValue::encode(result);
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateCustomGetterObject(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    Structure* structure = CustomGetter::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
-    CustomGetter* result = CustomGetter::create(vm, structure);
-    return JSValue::encode(result);
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateDOMJITNodeObject(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    Structure* structure = DOMJITNode::createStructure(vm, exec->lexicalGlobalObject(), DOMJITGetter::create(vm, DOMJITGetter::createStructure(vm, exec->lexicalGlobalObject(), jsNull())));
-    DOMJITNode* result = DOMJITNode::create(vm, structure);
-    return JSValue::encode(result);
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterObject(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    Structure* structure = DOMJITGetter::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
-    DOMJITGetter* result = DOMJITGetter::create(vm, structure);
-    return JSValue::encode(result);
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterComplexObject(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    Structure* structure = DOMJITGetterComplex::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
-    DOMJITGetterComplex* result = DOMJITGetterComplex::create(vm, exec->lexicalGlobalObject(), structure);
-    return JSValue::encode(result);
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateDOMJITFunctionObject(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    Structure* structure = DOMJITFunctionObject::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
-    DOMJITFunctionObject* result = DOMJITFunctionObject::create(vm, exec->lexicalGlobalObject(), structure);
-    return JSValue::encode(result);
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateDOMJITCheckSubClassObject(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    Structure* structure = DOMJITCheckSubClassObject::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
-    DOMJITCheckSubClassObject* result = DOMJITCheckSubClassObject::create(vm, exec->lexicalGlobalObject(), structure);
-    return JSValue::encode(result);
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterBaseJSObject(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    Structure* structure = DOMJITGetterBaseJSObject::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
-    DOMJITGetterBaseJSObject* result = DOMJITGetterBaseJSObject::create(vm, structure);
-    return JSValue::encode(result);
-}
-
-
-EncodedJSValue JSC_HOST_CALL functionSetImpureGetterDelegate(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSLockHolder lock(vm);
-    auto scope = DECLARE_THROW_SCOPE(vm);
-
-    JSValue base = exec->argument(0);
-    if (!base.isObject())
-        return JSValue::encode(jsUndefined());
-    JSValue delegate = exec->argument(1);
-    if (!delegate.isObject())
-        return JSValue::encode(jsUndefined());
-    ImpureGetter* impureGetter = jsDynamicCast<ImpureGetter*>(vm, asObject(base.asCell()));
-    if (UNLIKELY(!impureGetter)) {
-        throwTypeError(exec, scope, ASCIILiteral("argument is not an ImpureGetter"));
-        return encodedJSValue();
-    }
-    impureGetter->setDelegate(vm, asObject(delegate.asCell()));
-    return JSValue::encode(jsUndefined());
-}
-
 EncodedJSValue JSC_HOST_CALL functionGCAndSweep(ExecState* exec)
 {
     VM& vm = exec->vm();
@@ -2374,28 +1129,6 @@ EncodedJSValue JSC_HOST_CALL functionAddressOf(ExecState* exec)
     return returnValue;
 }
 
-static EncodedJSValue JSC_HOST_CALL functionGetGetterSetter(ExecState* exec)
-{
-    JSValue value = exec->argument(0);
-    if (!value.isObject())
-        return JSValue::encode(jsUndefined());
-
-    JSValue property = exec->argument(1);
-    if (!property.isString())
-        return JSValue::encode(jsUndefined());
-
-    PropertySlot slot(value, PropertySlot::InternalMethodType::VMInquiry);
-    value.getPropertySlot(exec, asString(property)->toIdentifier(exec), slot);
-
-    JSValue result;
-    if (slot.isCacheableGetter())
-        result = slot.getterSetter();
-    else
-        result = jsNull();
-
-    return JSValue::encode(result);
-}
-
 EncodedJSValue JSC_HOST_CALL functionVersion(ExecState*)
 {
     // We need this function for compatibility with the Mozilla JS tests but for now
@@ -2583,19 +1316,6 @@ EncodedJSValue JSC_HOST_CALL functionClearSamplingFlags(ExecState* exec)
 }
 #endif
 
-EncodedJSValue JSC_HOST_CALL functionShadowChickenFunctionsOnStack(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    return JSValue::encode(vm.shadowChicken().functionsOnStack(exec));
-}
-
-EncodedJSValue JSC_HOST_CALL functionSetGlobalConstRedeclarationShouldNotThrow(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    vm.setGlobalConstRedeclarationShouldThrow(false);
-    return JSValue::encode(jsUndefined());
-}
-
 EncodedJSValue JSC_HOST_CALL functionGetRandomSeed(ExecState* exec)
 {
     return JSValue::encode(jsNumber(exec->lexicalGlobalObject()->weakRandom().seed()));
@@ -2629,15 +1349,6 @@ EncodedJSValue JSC_HOST_CALL functionCallerSourceOrigin(ExecState* state)
     return JSValue::encode(jsString(state, sourceOrigin.string()));
 }
 
-EncodedJSValue JSC_HOST_CALL functionGlobalObjectForObject(ExecState* exec)
-{
-    JSValue value = exec->argument(0);
-    RELEASE_ASSERT(value.isObject());
-    JSGlobalObject* globalObject = jsCast<JSObject*>(value)->globalObject();
-    RELEASE_ASSERT(globalObject);
-    return JSValue::encode(globalObject);
-}
-
 EncodedJSValue JSC_HOST_CALL functionReadline(ExecState* exec)
 {
     Vector<char, 256> line;
@@ -3019,29 +1730,6 @@ EncodedJSValue JSC_HOST_CALL functionFlashHeapAccess(ExecState* exec)
     return JSValue::encode(jsUndefined());
 }
 
-EncodedJSValue JSC_HOST_CALL functionLoadGetterFromGetterSetter(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    auto scope = DECLARE_THROW_SCOPE(vm);
-
-    GetterSetter* getterSetter = jsDynamicCast<GetterSetter*>(vm, exec->argument(0));
-    if (UNLIKELY(!getterSetter)) {
-        throwTypeError(exec, scope, ASCIILiteral("Invalid use of loadGetterFromGetterSetter test function: argument is not a GetterSetter"));
-        return encodedJSValue();
-    }
-
-    JSObject* getter = getterSetter->getter();
-    RELEASE_ASSERT(getter);
-    return JSValue::encode(getter);
-}
-
-EncodedJSValue JSC_HOST_CALL functionCreateCustomTestGetterSetter(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    JSGlobalObject* globalObject = exec->lexicalGlobalObject();
-    return JSValue::encode(JSTestCustomGetterSetter::create(vm, globalObject, JSTestCustomGetterSetter::createStructure(vm, globalObject)));
-}
-
 template<typename ValueType>
 typename std::enable_if<!std::is_fundamental<ValueType>::value>::type addOption(VM&, JSObject*, Identifier, ValueType) { }
 
@@ -3109,11 +1797,6 @@ EncodedJSValue JSC_HOST_CALL functionQuit(ExecState*)
 #endif
 }
 
-EncodedJSValue JSC_HOST_CALL functionAbort(ExecState*)
-{
-    CRASH();
-}
-
 EncodedJSValue JSC_HOST_CALL functionFalse1(ExecState*) { return JSValue::encode(jsBoolean(false)); }
 EncodedJSValue JSC_HOST_CALL functionFalse2(ExecState*) { return JSValue::encode(jsBoolean(false)); }
 
@@ -3156,92 +1839,6 @@ EncodedJSValue JSC_HOST_CALL functionDumpTypesForAllVariables(ExecState* exec)
     return JSValue::encode(jsUndefined());
 }
 
-EncodedJSValue JSC_HOST_CALL functionFindTypeForExpression(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    RELEASE_ASSERT(vm.typeProfiler());
-    vm.typeProfilerLog()->processLogEntries(ASCIILiteral("jsc Testing API: functionFindTypeForExpression"));
-
-    JSValue functionValue = exec->argument(0);
-    RELEASE_ASSERT(functionValue.isFunction());
-    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
-
-    RELEASE_ASSERT(exec->argument(1).isString());
-    String substring = asString(exec->argument(1))->value(exec);
-    String sourceCodeText = executable->source().view().toString();
-    unsigned offset = static_cast<unsigned>(sourceCodeText.find(substring) + executable->source().startOffset());
-    
-    String jsonString = vm.typeProfiler()->typeInformationForExpressionAtOffset(TypeProfilerSearchDescriptorNormal, offset, executable->sourceID(), vm);
-    return JSValue::encode(JSONParse(exec, jsonString));
-}
-
-EncodedJSValue JSC_HOST_CALL functionReturnTypeFor(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    RELEASE_ASSERT(vm.typeProfiler());
-    vm.typeProfilerLog()->processLogEntries(ASCIILiteral("jsc Testing API: functionReturnTypeFor"));
-
-    JSValue functionValue = exec->argument(0);
-    RELEASE_ASSERT(functionValue.isFunction());
-    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
-
-    unsigned offset = executable->typeProfilingStartOffset();
-    String jsonString = vm.typeProfiler()->typeInformationForExpressionAtOffset(TypeProfilerSearchDescriptorFunctionReturn, offset, executable->sourceID(), vm);
-    return JSValue::encode(JSONParse(exec, jsonString));
-}
-
-EncodedJSValue JSC_HOST_CALL functionDumpBasicBlockExecutionRanges(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    RELEASE_ASSERT(vm.controlFlowProfiler());
-    vm.controlFlowProfiler()->dumpData();
-    return JSValue::encode(jsUndefined());
-}
-
-EncodedJSValue JSC_HOST_CALL functionHasBasicBlockExecuted(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    RELEASE_ASSERT(vm.controlFlowProfiler());
-
-    JSValue functionValue = exec->argument(0);
-    RELEASE_ASSERT(functionValue.isFunction());
-    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
-
-    RELEASE_ASSERT(exec->argument(1).isString());
-    String substring = asString(exec->argument(1))->value(exec);
-    String sourceCodeText = executable->source().view().toString();
-    RELEASE_ASSERT(sourceCodeText.contains(substring));
-    int offset = sourceCodeText.find(substring) + executable->source().startOffset();
-    
-    bool hasExecuted = vm.controlFlowProfiler()->hasBasicBlockAtTextOffsetBeenExecuted(offset, executable->sourceID(), vm);
-    return JSValue::encode(jsBoolean(hasExecuted));
-}
-
-EncodedJSValue JSC_HOST_CALL functionBasicBlockExecutionCount(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    RELEASE_ASSERT(vm.controlFlowProfiler());
-
-    JSValue functionValue = exec->argument(0);
-    RELEASE_ASSERT(functionValue.isFunction());
-    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
-
-    RELEASE_ASSERT(exec->argument(1).isString());
-    String substring = asString(exec->argument(1))->value(exec);
-    String sourceCodeText = executable->source().view().toString();
-    RELEASE_ASSERT(sourceCodeText.contains(substring));
-    int offset = sourceCodeText.find(substring) + executable->source().startOffset();
-    
-    size_t executionCount = vm.controlFlowProfiler()->basicBlockExecutionCountAtTextOffset(offset, executable->sourceID(), vm);
-    return JSValue::encode(JSValue(executionCount));
-}
-
-EncodedJSValue JSC_HOST_CALL functionEnableExceptionFuzz(ExecState*)
-{
-    Options::useExceptionFuzz() = true;
-    return JSValue::encode(jsUndefined());
-}
-
 EncodedJSValue JSC_HOST_CALL functionDrainMicrotasks(ExecState* exec)
 {
     VM& vm = exec->vm();
@@ -3286,23 +1883,6 @@ EncodedJSValue JSC_HOST_CALL functionLoadModule(ExecState* exec)
     return JSValue::encode(jsUndefined());
 }
 
-EncodedJSValue JSC_HOST_CALL functionCreateBuiltin(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    auto scope = DECLARE_THROW_SCOPE(vm);
-
-    if (exec->argumentCount() < 1 || !exec->argument(0).isString())
-        return JSValue::encode(jsUndefined());
-
-    String functionText = asString(exec->argument(0))->value(exec);
-    RETURN_IF_EXCEPTION(scope, encodedJSValue());
-
-    const SourceCode& source = makeSource(functionText, { });
-    JSFunction* func = JSFunction::create(vm, createBuiltinExecutable(vm, source, Identifier::fromString(&vm, "foo"), ConstructorKind::None, ConstructAbility::CannotConstruct)->link(vm, source), exec->lexicalGlobalObject());
-
-    return JSValue::encode(func);
-}
-
 EncodedJSValue JSC_HOST_CALL functionCreateGlobalObject(ExecState* exec)
 {
     VM& vm = exec->vm();
index f1825e9..bd77b83 100644 (file)
@@ -896,7 +896,7 @@ putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Construct
 
     if (UNLIKELY(Options::useDollarVM())) {
         m_dollarVMStructure.set(vm, this, JSDollarVM::createStructure(vm, this, m_objectPrototype.get()));
-        JSDollarVM* dollarVM = JSDollarVM::create(vm, this, m_dollarVMStructure.get());
+        JSDollarVM* dollarVM = JSDollarVM::create(vm, m_dollarVMStructure.get());
 
         GlobalPropertyInfo extraStaticGlobals[] = {
             GlobalPropertyInfo(vm.propertyNames->builtinNames().dollarVMPrivateName(), dollarVM, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),
index 3a09de3..c132f56 100644 (file)
 #include "config.h"
 #include "JSDollarVM.h"
 
+#include "BuiltinExecutableCreator.h"
 #include "CodeBlock.h"
+#include "DOMAttributeGetterSetter.h"
+#include "DOMJITGetterSetter.h"
+#include "FrameTracers.h"
 #include "FunctionCodeBlock.h"
+#include "GetterSetter.h"
+#include "JSArray.h"
 #include "JSArrayBuffer.h"
 #include "JSCInlines.h"
+#include "JSFunction.h"
+#include "JSONObject.h"
+#include "JSProxy.h"
+#include "JSString.h"
+#include "ShadowChicken.h"
+#include "Snippet.h"
+#include "SnippetParams.h"
+#include "TypeProfiler.h"
+#include "TypeProfilerLog.h"
 #include "VMInspector.h"
 #include <wtf/Atomics.h>
 #include <wtf/DataLog.h>
 #include <wtf/ProcessID.h>
 #include <wtf/StringPrintStream.h>
 
-namespace JSC {
+using namespace JSC;
+using namespace WTF;
+
+namespace {
+
+class ElementHandleOwner;
+class Root;
+
+class Element : public JSNonFinalObject {
+public:
+    Element(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    typedef JSNonFinalObject Base;
+
+    Root* root() const { return m_root.get(); }
+    void setRoot(VM& vm, Root* root) { m_root.set(vm, this, root); }
+
+    static Element* create(VM& vm, JSGlobalObject* globalObject, Root* root)
+    {
+        Structure* structure = createStructure(vm, globalObject, jsNull());
+        Element* element = new (NotNull, allocateCell<Element>(vm.heap, sizeof(Element))) Element(vm, structure);
+        element->finishCreation(vm, root);
+        return element;
+    }
+
+    void finishCreation(VM&, Root*);
+
+    static void visitChildren(JSCell* cell, SlotVisitor& visitor)
+    {
+        Element* thisObject = jsCast<Element*>(cell);
+        ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+        Base::visitChildren(thisObject, visitor);
+        visitor.append(thisObject->m_root);
+    }
+
+    static ElementHandleOwner* handleOwner();
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
+    }
+
+    DECLARE_INFO;
+
+private:
+    WriteBarrier<Root> m_root;
+};
+
+class ElementHandleOwner : public WeakHandleOwner {
+public:
+    bool isReachableFromOpaqueRoots(Handle<JSC::Unknown> handle, void*, SlotVisitor& visitor) override
+    {
+        Element* element = jsCast<Element*>(handle.slot()->asCell());
+        return visitor.containsOpaqueRoot(element->root());
+    }
+};
+
+class Root : public JSDestructibleObject {
+public:
+    Root(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    Element* element()
+    {
+        return m_element.get();
+    }
+
+    void setElement(Element* element)
+    {
+        Weak<Element> newElement(element, Element::handleOwner());
+        m_element.swap(newElement);
+    }
+
+    static Root* create(VM& vm, JSGlobalObject* globalObject)
+    {
+        Structure* structure = createStructure(vm, globalObject, jsNull());
+        Root* root = new (NotNull, allocateCell<Root>(vm.heap, sizeof(Root))) Root(vm, structure);
+        root->finishCreation(vm);
+        return root;
+    }
+
+    typedef JSDestructibleObject Base;
+
+    DECLARE_INFO;
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
+    }
+
+    static void visitChildren(JSCell* thisObject, SlotVisitor& visitor)
+    {
+        Base::visitChildren(thisObject, visitor);
+        visitor.addOpaqueRoot(thisObject);
+    }
+
+private:
+    Weak<Element> m_element;
+};
+
+class SimpleObject : public JSNonFinalObject {
+public:
+    SimpleObject(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    typedef JSNonFinalObject Base;
+    static const bool needsDestruction = false;
+
+    static SimpleObject* create(VM& vm, JSGlobalObject* globalObject)
+    {
+        Structure* structure = createStructure(vm, globalObject, jsNull());
+        SimpleObject* simpleObject = new (NotNull, allocateCell<SimpleObject>(vm.heap, sizeof(SimpleObject))) SimpleObject(vm, structure);
+        simpleObject->finishCreation(vm);
+        return simpleObject;
+    }
+
+    static void visitChildren(JSCell* cell, SlotVisitor& visitor)
+    {
+        SimpleObject* thisObject = jsCast<SimpleObject*>(cell);
+        ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+        Base::visitChildren(thisObject, visitor);
+        visitor.append(thisObject->m_hiddenValue);
+    }
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
+    }
+
+    JSValue hiddenValue()
+    {
+        return m_hiddenValue.get();
+    }
+
+    void setHiddenValue(VM& vm, JSValue value)
+    {
+        ASSERT(value.isCell());
+        m_hiddenValue.set(vm, this, value);
+    }
+
+    DECLARE_INFO;
+
+private:
+    WriteBarrier<JSC::Unknown> m_hiddenValue;
+};
+
+class ImpureGetter : public JSNonFinalObject {
+public:
+    ImpureGetter(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    DECLARE_INFO;
+    typedef JSNonFinalObject Base;
+    static const unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpure | JSC::OverridesGetOwnPropertySlot;
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
+    }
+
+    static ImpureGetter* create(VM& vm, Structure* structure, JSObject* delegate)
+    {
+        ImpureGetter* getter = new (NotNull, allocateCell<ImpureGetter>(vm.heap, sizeof(ImpureGetter))) ImpureGetter(vm, structure);
+        getter->finishCreation(vm, delegate);
+        return getter;
+    }
+
+    void finishCreation(VM& vm, JSObject* delegate)
+    {
+        Base::finishCreation(vm);
+        if (delegate)
+            m_delegate.set(vm, this, delegate);
+    }
+
+    static bool getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName name, PropertySlot& slot)
+    {
+        VM& vm = exec->vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+        ImpureGetter* thisObject = jsCast<ImpureGetter*>(object);
+        
+        if (thisObject->m_delegate) {
+            if (thisObject->m_delegate->getPropertySlot(exec, name, slot))
+                return true;
+            RETURN_IF_EXCEPTION(scope, false);
+        }
+
+        return Base::getOwnPropertySlot(object, exec, name, slot);
+    }
+
+    static void visitChildren(JSCell* cell, SlotVisitor& visitor)
+    {
+        Base::visitChildren(cell, visitor);
+        ImpureGetter* thisObject = jsCast<ImpureGetter*>(cell);
+        visitor.append(thisObject->m_delegate);
+    }
+
+    void setDelegate(VM& vm, JSObject* delegate)
+    {
+        m_delegate.set(vm, this, delegate);
+    }
+
+private:
+    WriteBarrier<JSObject> m_delegate;
+};
+
+class CustomGetter : public JSNonFinalObject {
+public:
+    CustomGetter(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    DECLARE_INFO;
+    typedef JSNonFinalObject Base;
+    static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot;
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
+    }
+
+    static CustomGetter* create(VM& vm, Structure* structure)
+    {
+        CustomGetter* getter = new (NotNull, allocateCell<CustomGetter>(vm.heap, sizeof(CustomGetter))) CustomGetter(vm, structure);
+        getter->finishCreation(vm);
+        return getter;
+    }
+
+    static bool getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
+    {
+        CustomGetter* thisObject = jsCast<CustomGetter*>(object);
+        if (propertyName == PropertyName(Identifier::fromString(exec, "customGetter"))) {
+            slot.setCacheableCustom(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum, thisObject->customGetter);
+            return true;
+        }
+        
+        if (propertyName == PropertyName(Identifier::fromString(exec, "customGetterAccessor"))) {
+            slot.setCacheableCustom(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum | PropertyAttribute::CustomAccessor, thisObject->customGetterAcessor);
+            return true;
+        }
+        
+        return JSObject::getOwnPropertySlot(thisObject, exec, propertyName, slot);
+    }
+
+private:
+    static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
+    {
+        VM& vm = exec->vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+
+        CustomGetter* thisObject = jsDynamicCast<CustomGetter*>(vm, JSValue::decode(thisValue));
+        if (!thisObject)
+            return throwVMTypeError(exec, scope);
+        bool shouldThrow = thisObject->get(exec, PropertyName(Identifier::fromString(exec, "shouldThrow"))).toBoolean(exec);
+        RETURN_IF_EXCEPTION(scope, encodedJSValue());
+        if (shouldThrow)
+            return throwVMTypeError(exec, scope);
+        return JSValue::encode(jsNumber(100));
+    }
+    
+    static EncodedJSValue customGetterAcessor(ExecState* exec, EncodedJSValue thisValue, PropertyName)
+    {
+        VM& vm = exec->vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+        
+        JSObject* thisObject = jsDynamicCast<JSObject*>(vm, JSValue::decode(thisValue));
+        if (!thisObject)
+            return throwVMTypeError(exec, scope);
+        bool shouldThrow = thisObject->get(exec, PropertyName(Identifier::fromString(exec, "shouldThrow"))).toBoolean(exec);
+        RETURN_IF_EXCEPTION(scope, encodedJSValue());
+        if (shouldThrow)
+            return throwVMTypeError(exec, scope);
+        return JSValue::encode(jsNumber(100));
+    }
+};
+
+class RuntimeArray : public JSArray {
+public:
+    typedef JSArray Base;
+    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames;
+
+    static RuntimeArray* create(ExecState* exec)
+    {
+        VM& vm = exec->vm();
+        JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+        Structure* structure = createStructure(vm, globalObject, createPrototype(vm, globalObject));
+        RuntimeArray* runtimeArray = new (NotNull, allocateCell<RuntimeArray>(vm.heap)) RuntimeArray(exec, structure);
+        runtimeArray->finishCreation(exec);
+        vm.heap.addFinalizer(runtimeArray, destroy);
+        return runtimeArray;
+    }
+
+    ~RuntimeArray() { }
+
+    static void destroy(JSCell* cell)
+    {
+        static_cast<RuntimeArray*>(cell)->RuntimeArray::~RuntimeArray();
+    }
+
+    static const bool needsDestruction = false;
+
+    static bool getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
+    {
+        VM& vm = exec->vm();
+        RuntimeArray* thisObject = jsCast<RuntimeArray*>(object);
+        if (propertyName == vm.propertyNames->length) {
+            slot.setCacheableCustom(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum, thisObject->lengthGetter);
+            return true;
+        }
+
+        std::optional<uint32_t> index = parseIndex(propertyName);
+        if (index && index.value() < thisObject->getLength()) {
+            slot.setValue(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::DontEnum, jsNumber(thisObject->m_vector[index.value()]));
+            return true;
+        }
+
+        return JSObject::getOwnPropertySlot(thisObject, exec, propertyName, slot);
+    }
+
+    static bool getOwnPropertySlotByIndex(JSObject* object, ExecState* exec, unsigned index, PropertySlot& slot)
+    {
+        RuntimeArray* thisObject = jsCast<RuntimeArray*>(object);
+        if (index < thisObject->getLength()) {
+            slot.setValue(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::DontEnum, jsNumber(thisObject->m_vector[index]));
+            return true;
+        }
+
+        return JSObject::getOwnPropertySlotByIndex(thisObject, exec, index, slot);
+    }
+
+    static NO_RETURN_DUE_TO_CRASH bool put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&)
+    {
+        RELEASE_ASSERT_NOT_REACHED();
+    }
+
+    static NO_RETURN_DUE_TO_CRASH bool deleteProperty(JSCell*, ExecState*, PropertyName)
+    {
+        RELEASE_ASSERT_NOT_REACHED();
+    }
+
+    unsigned getLength() const { return m_vector.size(); }
+
+    DECLARE_INFO;
+
+    static ArrayPrototype* createPrototype(VM&, JSGlobalObject* globalObject)
+    {
+        return globalObject->arrayPrototype();
+    }
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(DerivedArrayType, StructureFlags), info(), ArrayClass);
+    }
+
+protected:
+    void finishCreation(ExecState* exec)
+    {
+        VM& vm = exec->vm();
+        Base::finishCreation(vm);
+        ASSERT(inherits(vm, info()));
+
+        for (size_t i = 0; i < exec->argumentCount(); i++)
+            m_vector.append(exec->argument(i).toInt32(exec));
+    }
+
+private:
+    RuntimeArray(ExecState* exec, Structure* structure)
+        : JSArray(exec->vm(), structure, 0)
+    {
+    }
+
+    static EncodedJSValue lengthGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
+    {
+        VM& vm = exec->vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+
+        RuntimeArray* thisObject = jsDynamicCast<RuntimeArray*>(vm, JSValue::decode(thisValue));
+        if (!thisObject)
+            return throwVMTypeError(exec, scope);
+        return JSValue::encode(jsNumber(thisObject->getLength()));
+    }
+
+    Vector<int> m_vector;
+};
+
+class DOMJITNode : public JSNonFinalObject {
+public:
+    DOMJITNode(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    DECLARE_INFO;
+    typedef JSNonFinalObject Base;
+    static const unsigned StructureFlags = Base::StructureFlags;
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
+    }
+
+#if ENABLE(JIT)
+    static Ref<Snippet> checkSubClassSnippet()
+    {
+        Ref<Snippet> snippet = Snippet::create();
+        snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
+            CCallHelpers::JumpList failureCases;
+            failureCases.append(jit.branch8(
+                CCallHelpers::NotEqual,
+                CCallHelpers::Address(params[0].gpr(), JSCell::typeInfoTypeOffset()),
+                CCallHelpers::TrustedImm32(JSC::JSType(LastJSCObjectType + 1))));
+            return failureCases;
+        });
+        return snippet;
+    }
+#endif
+
+    static DOMJITNode* create(VM& vm, Structure* structure)
+    {
+        DOMJITNode* getter = new (NotNull, allocateCell<DOMJITNode>(vm.heap, sizeof(DOMJITNode))) DOMJITNode(vm, structure);
+        getter->finishCreation(vm);
+        return getter;
+    }
+
+    int32_t value() const
+    {
+        return m_value;
+    }
+
+    static ptrdiff_t offsetOfValue() { return OBJECT_OFFSETOF(DOMJITNode, m_value); }
+
+private:
+    int32_t m_value { 42 };
+};
+
+class DOMJITGetter : public DOMJITNode {
+public:
+    DOMJITGetter(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    DECLARE_INFO;
+    typedef DOMJITNode Base;
+    static const unsigned StructureFlags = Base::StructureFlags;
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
+    }
+
+    static DOMJITGetter* create(VM& vm, Structure* structure)
+    {
+        DOMJITGetter* getter = new (NotNull, allocateCell<DOMJITGetter>(vm.heap, sizeof(DOMJITGetter))) DOMJITGetter(vm, structure);
+        getter->finishCreation(vm);
+        return getter;
+    }
+
+    class DOMJITAttribute : public DOMJIT::GetterSetter {
+    public:
+        constexpr DOMJITAttribute()
+            : DOMJIT::GetterSetter(
+                DOMJITGetter::customGetter,
+#if ENABLE(JIT)
+                &callDOMGetter,
+#else
+                nullptr,
+#endif
+                SpecInt32Only)
+        {
+        }
+
+#if ENABLE(JIT)
+        static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
+        {
+            VM& vm = exec->vm();
+            NativeCallFrameTracer tracer(&vm, exec);
+            return JSValue::encode(jsNumber(static_cast<DOMJITGetter*>(pointer)->value()));
+        }
+
+        static Ref<DOMJIT::CallDOMGetterSnippet> callDOMGetter()
+        {
+            Ref<DOMJIT::CallDOMGetterSnippet> snippet = DOMJIT::CallDOMGetterSnippet::create();
+            snippet->requireGlobalObject = false;
+            snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
+                JSValueRegs results = params[0].jsValueRegs();
+                GPRReg dom = params[1].gpr();
+                params.addSlowPathCall(jit.jump(), jit, slowCall, results, dom);
+                return CCallHelpers::JumpList();
+
+            });
+            return snippet;
+        }
+#endif
+    };
+
+private:
+    void finishCreation(VM&);
+
+    static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
+    {
+        VM& vm = exec->vm();
+        DOMJITNode* thisObject = jsDynamicCast<DOMJITNode*>(vm, JSValue::decode(thisValue));
+        ASSERT(thisObject);
+        return JSValue::encode(jsNumber(thisObject->value()));
+    }
+};
+
+static const DOMJITGetter::DOMJITAttribute DOMJITGetterDOMJIT;
+
+void DOMJITGetter::finishCreation(VM& vm)
+{
+    Base::finishCreation(vm);
+    const DOMJIT::GetterSetter* domJIT = &DOMJITGetterDOMJIT;
+    auto* customGetterSetter = DOMAttributeGetterSetter::create(vm, domJIT->getter(), nullptr, DOMAttributeAnnotation { DOMJITNode::info(), domJIT });
+    putDirectCustomAccessor(vm, Identifier::fromString(&vm, "customGetter"), customGetterSetter, PropertyAttribute::ReadOnly | PropertyAttribute::CustomAccessor);
+}
+
+class DOMJITGetterComplex : public DOMJITNode {
+public:
+    DOMJITGetterComplex(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    DECLARE_INFO;
+    typedef DOMJITNode Base;
+    static const unsigned StructureFlags = Base::StructureFlags;
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
+    }
+
+    static DOMJITGetterComplex* create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
+    {
+        DOMJITGetterComplex* getter = new (NotNull, allocateCell<DOMJITGetterComplex>(vm.heap, sizeof(DOMJITGetterComplex))) DOMJITGetterComplex(vm, structure);
+        getter->finishCreation(vm, globalObject);
+        return getter;
+    }
+
+    class DOMJITAttribute : public DOMJIT::GetterSetter {
+    public:
+        constexpr DOMJITAttribute()
+            : DOMJIT::GetterSetter(
+                DOMJITGetterComplex::customGetter,
+#if ENABLE(JIT)
+                &callDOMGetter,
+#else
+                nullptr,
+#endif
+                SpecInt32Only)
+        {
+        }
+
+#if ENABLE(JIT)
+        static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
+        {
+            VM& vm = exec->vm();
+            NativeCallFrameTracer tracer(&vm, exec);
+            auto scope = DECLARE_THROW_SCOPE(vm);
+            auto* object = static_cast<DOMJITNode*>(pointer);
+            auto* domjitGetterComplex = jsDynamicCast<DOMJITGetterComplex*>(vm, object);
+            if (domjitGetterComplex) {
+                if (domjitGetterComplex->m_enableException)
+                    return JSValue::encode(throwException(exec, scope, createError(exec, ASCIILiteral("DOMJITGetterComplex slow call exception"))));
+            }
+            return JSValue::encode(jsNumber(object->value()));
+        }
+
+        static Ref<DOMJIT::CallDOMGetterSnippet> callDOMGetter()
+        {
+            Ref<DOMJIT::CallDOMGetterSnippet> snippet = DOMJIT::CallDOMGetterSnippet::create();
+            static_assert(GPRInfo::numberOfRegisters >= 4, "Number of registers should be larger or equal to 4.");
+            unsigned numGPScratchRegisters = GPRInfo::numberOfRegisters - 4;
+            snippet->numGPScratchRegisters = numGPScratchRegisters;
+            snippet->numFPScratchRegisters = 3;
+            snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
+                JSValueRegs results = params[0].jsValueRegs();
+                GPRReg domGPR = params[1].gpr();
+                for (unsigned i = 0; i < numGPScratchRegisters; ++i)
+                    jit.move(CCallHelpers::TrustedImm32(42), params.gpScratch(i));
+
+                params.addSlowPathCall(jit.jump(), jit, slowCall, results, domGPR);
+                return CCallHelpers::JumpList();
+            });
+            return snippet;
+        }
+#endif
+    };
+
+private:
+    void finishCreation(VM&, JSGlobalObject*);
+
+    static EncodedJSValue JSC_HOST_CALL functionEnableException(ExecState* exec)
+    {
+        VM& vm = exec->vm();
+        auto* object = jsDynamicCast<DOMJITGetterComplex*>(vm, exec->thisValue());
+        if (object)
+            object->m_enableException = true;
+        return JSValue::encode(jsUndefined());
+    }
+
+    static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
+    {
+        VM& vm = exec->vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+
+        auto* thisObject = jsDynamicCast<DOMJITGetterComplex*>(vm, JSValue::decode(thisValue));
+        ASSERT(thisObject);
+        if (thisObject->m_enableException)
+            return JSValue::encode(throwException(exec, scope, createError(exec, ASCIILiteral("DOMJITGetterComplex slow call exception"))));
+        return JSValue::encode(jsNumber(thisObject->value()));
+    }
+
+    bool m_enableException { false };
+};
+
+static const DOMJITGetterComplex::DOMJITAttribute DOMJITGetterComplexDOMJIT;
+
+void DOMJITGetterComplex::finishCreation(VM& vm, JSGlobalObject* globalObject)
+{
+    Base::finishCreation(vm);
+    const DOMJIT::GetterSetter* domJIT = &DOMJITGetterComplexDOMJIT;
+    auto* customGetterSetter = DOMAttributeGetterSetter::create(vm, domJIT->getter(), nullptr, DOMAttributeAnnotation { DOMJITGetterComplex::info(), domJIT });
+    putDirectCustomAccessor(vm, Identifier::fromString(&vm, "customGetter"), customGetterSetter, PropertyAttribute::ReadOnly | PropertyAttribute::CustomAccessor);
+    putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "enableException"), 0, functionEnableException, NoIntrinsic, 0);
+}
+
+class DOMJITFunctionObject : public DOMJITNode {
+public:
+    DOMJITFunctionObject(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    DECLARE_INFO;
+    typedef DOMJITNode Base;
+    static const unsigned StructureFlags = Base::StructureFlags;
+
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
+    }
+
+    static DOMJITFunctionObject* create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
+    {
+        DOMJITFunctionObject* object = new (NotNull, allocateCell<DOMJITFunctionObject>(vm.heap, sizeof(DOMJITFunctionObject))) DOMJITFunctionObject(vm, structure);
+        object->finishCreation(vm, globalObject);
+        return object;
+    }
+
+    static EncodedJSValue JSC_HOST_CALL safeFunction(ExecState* exec)
+    {
+        VM& vm = exec->vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+
+        DOMJITNode* thisObject = jsDynamicCast<DOMJITNode*>(vm, exec->thisValue());
+        if (!thisObject)
+            return throwVMTypeError(exec, scope);
+        return JSValue::encode(jsNumber(thisObject->value()));
+    }
+
+    static EncodedJSValue JIT_OPERATION unsafeFunction(ExecState* exec, DOMJITNode* node)
+    {
+        VM& vm = exec->vm();
+        NativeCallFrameTracer tracer(&vm, exec);
+        return JSValue::encode(jsNumber(node->value()));
+    }
+
+#if ENABLE(JIT)
+    static Ref<Snippet> checkSubClassSnippet()
+    {
+        Ref<Snippet> snippet = Snippet::create();
+        snippet->numFPScratchRegisters = 1;
+        snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
+            static const double value = 42.0;
+            CCallHelpers::JumpList failureCases;
+            // May use scratch registers.
+            jit.loadDouble(CCallHelpers::TrustedImmPtr(&value), params.fpScratch(0));
+            failureCases.append(jit.branch8(
+                CCallHelpers::NotEqual,
+                CCallHelpers::Address(params[0].gpr(), JSCell::typeInfoTypeOffset()),
+                CCallHelpers::TrustedImm32(JSC::JSType(LastJSCObjectType + 1))));
+            return failureCases;
+        });
+        return snippet;
+    }
+#endif
+
+private:
+    void finishCreation(VM&, JSGlobalObject*);
+};
+
+static const DOMJIT::Signature DOMJITFunctionObjectSignature((uintptr_t)DOMJITFunctionObject::unsafeFunction, DOMJITFunctionObject::info(), DOMJIT::Effect::forRead(DOMJIT::HeapRange::top()), SpecInt32Only);
+
+void DOMJITFunctionObject::finishCreation(VM& vm, JSGlobalObject* globalObject)
+{
+    Base::finishCreation(vm);
+    putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "func"), 0, safeFunction, NoIntrinsic, &DOMJITFunctionObjectSignature, static_cast<unsigned>(PropertyAttribute::ReadOnly));
+}
+
+class DOMJITCheckSubClassObject : public DOMJITNode {
+public:
+    DOMJITCheckSubClassObject(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    DECLARE_INFO;
+    typedef DOMJITNode Base;
+    static const unsigned StructureFlags = Base::StructureFlags;
+
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
+    }
+
+    static DOMJITCheckSubClassObject* create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
+    {
+        DOMJITCheckSubClassObject* object = new (NotNull, allocateCell<DOMJITCheckSubClassObject>(vm.heap, sizeof(DOMJITCheckSubClassObject))) DOMJITCheckSubClassObject(vm, structure);
+        object->finishCreation(vm, globalObject);
+        return object;
+    }
+
+    static EncodedJSValue JSC_HOST_CALL safeFunction(ExecState* exec)
+    {
+        VM& vm = exec->vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+
+        auto* thisObject = jsDynamicCast<DOMJITCheckSubClassObject*>(vm, exec->thisValue());
+        if (!thisObject)
+            return throwVMTypeError(exec, scope);
+        return JSValue::encode(jsNumber(thisObject->value()));
+    }
+
+    static EncodedJSValue JIT_OPERATION unsafeFunction(ExecState* exec, DOMJITNode* node)
+    {
+        VM& vm = exec->vm();
+        NativeCallFrameTracer tracer(&vm, exec);
+        return JSValue::encode(jsNumber(node->value()));
+    }
+
+private:
+    void finishCreation(VM&, JSGlobalObject*);
+};
+
+static const DOMJIT::Signature DOMJITCheckSubClassObjectSignature((uintptr_t)DOMJITCheckSubClassObject::unsafeFunction, DOMJITCheckSubClassObject::info(), DOMJIT::Effect::forRead(DOMJIT::HeapRange::top()), SpecInt32Only);
+
+void DOMJITCheckSubClassObject::finishCreation(VM& vm, JSGlobalObject* globalObject)
+{
+    Base::finishCreation(vm);
+    putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "func"), 0, safeFunction, NoIntrinsic, &DOMJITCheckSubClassObjectSignature, static_cast<unsigned>(PropertyAttribute::ReadOnly));
+}
+
+class DOMJITGetterBaseJSObject : public DOMJITNode {
+public:
+    DOMJITGetterBaseJSObject(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    {
+    }
+
+    DECLARE_INFO;
+    using Base = DOMJITNode;
+    static const unsigned StructureFlags = Base::StructureFlags;
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+    {
+        return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
+    }
+
+    static DOMJITGetterBaseJSObject* create(VM& vm, Structure* structure)
+    {
+        DOMJITGetterBaseJSObject* getter = new (NotNull, allocateCell<DOMJITGetterBaseJSObject>(vm.heap, sizeof(DOMJITGetterBaseJSObject))) DOMJITGetterBaseJSObject(vm, structure);
+        getter->finishCreation(vm);
+        return getter;
+    }
+
+    class DOMJITAttribute : public DOMJIT::GetterSetter {
+    public:
+        constexpr DOMJITAttribute()
+            : DOMJIT::GetterSetter(
+                DOMJITGetterBaseJSObject::customGetter,
+#if ENABLE(JIT)
+                &callDOMGetter,
+#else
+                nullptr,
+#endif
+                SpecBytecodeTop)
+        {
+        }
+
+#if ENABLE(JIT)
+        static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
+        {
+            VM& vm = exec->vm();
+            NativeCallFrameTracer tracer(&vm, exec);
+            JSObject* object = static_cast<JSObject*>(pointer);
+            return JSValue::encode(object->getPrototypeDirect(vm));
+        }
+
+        static Ref<DOMJIT::CallDOMGetterSnippet> callDOMGetter()
+        {
+            Ref<DOMJIT::CallDOMGetterSnippet> snippet = DOMJIT::CallDOMGetterSnippet::create();
+            snippet->requireGlobalObject = false;
+            snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
+                JSValueRegs results = params[0].jsValueRegs();
+                GPRReg dom = params[1].gpr();
+                params.addSlowPathCall(jit.jump(), jit, slowCall, results, dom);
+                return CCallHelpers::JumpList();
+
+            });
+            return snippet;
+        }
+#endif
+    };
+
+private:
+    void finishCreation(VM&);
+
+    static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
+    {
+        VM& vm = exec->vm();
+        JSObject* thisObject = jsDynamicCast<JSObject*>(vm, JSValue::decode(thisValue));
+        RELEASE_ASSERT(thisObject);
+        return JSValue::encode(thisObject->getPrototypeDirect(vm));
+    }
+};
+
+static const DOMJITGetterBaseJSObject::DOMJITAttribute DOMJITGetterBaseJSObjectDOMJIT;
+
+void DOMJITGetterBaseJSObject::finishCreation(VM& vm)
+{
+    Base::finishCreation(vm);
+    const DOMJIT::GetterSetter* domJIT = &DOMJITGetterBaseJSObjectDOMJIT;
+    auto* customGetterSetter = DOMAttributeGetterSetter::create(vm, domJIT->getter(), nullptr, DOMAttributeAnnotation { JSObject::info(), domJIT });
+    putDirectCustomAccessor(vm, Identifier::fromString(&vm, "customGetter"), customGetterSetter, PropertyAttribute::ReadOnly | PropertyAttribute::CustomAccessor);
+}
 
-const ClassInfo JSDollarVM::s_info = { "DollarVM", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSDollarVM) };
+class Message : public ThreadSafeRefCounted<Message> {
+public:
+    Message(ArrayBufferContents&&, int32_t);
+    ~Message();
 
-void JSDollarVM::addFunction(VM& vm, JSGlobalObject* globalObject, const char* name, NativeFunction function, unsigned arguments)
+    ArrayBufferContents&& releaseContents() { return WTFMove(m_contents); }
+    int32_t index() const { return m_index; }
+
+private:
+    ArrayBufferContents m_contents;
+    int32_t m_index { 0 };
+};
+
+class JSTestCustomGetterSetter : public JSNonFinalObject {
+public:
+    using Base = JSNonFinalObject;
+    static const unsigned StructureFlags = Base::StructureFlags;
+
+    JSTestCustomGetterSetter(VM& vm, Structure* structure)
+        : Base(vm, structure)
+    { }
+
+    static JSTestCustomGetterSetter* create(VM& vm, JSGlobalObject*, Structure* structure)
+    {
+        JSTestCustomGetterSetter* result = new (NotNull, allocateCell<JSTestCustomGetterSetter>(vm.heap, sizeof(JSTestCustomGetterSetter))) JSTestCustomGetterSetter(vm, structure);
+        result->finishCreation(vm);
+        return result;
+    }
+
+    void finishCreation(VM&);
+
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject)
+    {
+        return Structure::create(vm, globalObject, globalObject->objectPrototype(), TypeInfo(ObjectType, StructureFlags), info());
+    }
+
+    DECLARE_INFO;
+};
+
+
+static EncodedJSValue customGetAccessor(ExecState*, EncodedJSValue thisValue, PropertyName)
 {
-    Identifier identifier = Identifier::fromString(&vm, name);
-    putDirect(vm, identifier, JSFunction::create(vm, globalObject, arguments, identifier.string(), function));
+    // Passed |this|
+    return thisValue;
+}
+
+static EncodedJSValue customGetValue(ExecState* exec, EncodedJSValue slotValue, PropertyName)
+{
+    RELEASE_ASSERT(JSValue::decode(slotValue).inherits(exec->vm(), JSTestCustomGetterSetter::info()));
+    // Passed property holder.
+    return slotValue;
+}
+
+static bool customSetAccessor(ExecState* exec, EncodedJSValue thisObject, EncodedJSValue encodedValue)
+{
+    VM& vm = exec->vm();
+
+    JSValue value = JSValue::decode(encodedValue);
+    RELEASE_ASSERT(value.isObject());
+    JSObject* object = asObject(value);
+    PutPropertySlot slot(object);
+    object->put(object, exec, Identifier::fromString(&vm, "result"), JSValue::decode(thisObject), slot);
+
+    return true;
+}
+
+static bool customSetValue(ExecState* exec, EncodedJSValue slotValue, EncodedJSValue encodedValue)
+{
+    VM& vm = exec->vm();
+
+    RELEASE_ASSERT(JSValue::decode(slotValue).inherits(exec->vm(), JSTestCustomGetterSetter::info()));
+
+    JSValue value = JSValue::decode(encodedValue);
+    RELEASE_ASSERT(value.isObject());
+    JSObject* object = asObject(value);
+    PutPropertySlot slot(object);
+    object->put(object, exec, Identifier::fromString(&vm, "result"), JSValue::decode(slotValue), slot);
+
+    return true;
+}
+
+void JSTestCustomGetterSetter::finishCreation(VM& vm)
+{
+    Base::finishCreation(vm);
+
+    putDirectCustomAccessor(vm, Identifier::fromString(&vm, "customValue"),
+        CustomGetterSetter::create(vm, customGetValue, customSetValue), 0);
+    putDirectCustomAccessor(vm, Identifier::fromString(&vm, "customAccessor"),
+        CustomGetterSetter::create(vm, customGetAccessor, customSetAccessor), static_cast<unsigned>(PropertyAttribute::CustomAccessor));
+}
+
+const ClassInfo Element::s_info = { "Element", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(Element) };
+const ClassInfo Root::s_info = { "Root", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(Root) };
+const ClassInfo SimpleObject::s_info = { "SimpleObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(SimpleObject) };
+const ClassInfo ImpureGetter::s_info = { "ImpureGetter", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(ImpureGetter) };
+const ClassInfo CustomGetter::s_info = { "CustomGetter", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(CustomGetter) };
+const ClassInfo RuntimeArray::s_info = { "RuntimeArray", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(RuntimeArray) };
+#if ENABLE(JIT)
+const ClassInfo DOMJITNode::s_info = { "DOMJITNode", &Base::s_info, nullptr, &DOMJITNode::checkSubClassSnippet, CREATE_METHOD_TABLE(DOMJITNode) };
+#else
+const ClassInfo DOMJITNode::s_info = { "DOMJITNode", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITNode) };
+#endif
+const ClassInfo DOMJITGetter::s_info = { "DOMJITGetter", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITGetter) };
+const ClassInfo DOMJITGetterComplex::s_info = { "DOMJITGetterComplex", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITGetterComplex) };
+const ClassInfo DOMJITGetterBaseJSObject::s_info = { "DOMJITGetterBaseJSObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITGetterBaseJSObject) };
+#if ENABLE(JIT)
+const ClassInfo DOMJITFunctionObject::s_info = { "DOMJITFunctionObject", &Base::s_info, nullptr, &DOMJITFunctionObject::checkSubClassSnippet, CREATE_METHOD_TABLE(DOMJITFunctionObject) };
+#else
+const ClassInfo DOMJITFunctionObject::s_info = { "DOMJITFunctionObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITFunctionObject) };
+#endif
+const ClassInfo DOMJITCheckSubClassObject::s_info = { "DOMJITCheckSubClassObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITCheckSubClassObject) };
+const ClassInfo JSTestCustomGetterSetter::s_info = { "JSTestCustomGetterSetter", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSTestCustomGetterSetter) };
+
+ElementHandleOwner* Element::handleOwner()
+{
+    static ElementHandleOwner* owner = 0;
+    if (!owner)
+        owner = new ElementHandleOwner();
+    return owner;
+}
+
+void Element::finishCreation(VM& vm, Root* root)
+{
+    Base::finishCreation(vm);
+    setRoot(vm, root);
+    m_root->setElement(this);
 }
 
+} // namespace
+
+namespace JSC {
+
+const ClassInfo JSDollarVM::s_info = { "DollarVM", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSDollarVM) };
+
 // Triggers a crash immediately.
 // Usage: $vm.crash()
-static EncodedJSValue JSC_HOST_CALL functionCrash(ExecState*)
+static NO_RETURN_DUE_TO_CRASH EncodedJSValue JSC_HOST_CALL functionCrash(ExecState*)
 {
     CRASH();
-    return JSValue::encode(jsUndefined());
 }
 
 // Returns true if the current frame is a DFG frame.
@@ -356,37 +1344,453 @@ static EncodedJSValue JSC_HOST_CALL functionGetPID(ExecState*)
     return JSValue::encode(jsNumber(getCurrentProcessID()));
 }
 
-void JSDollarVM::finishCreation(VM& vm, JSGlobalObject* globalObject)
+static EncodedJSValue JSC_HOST_CALL functionCreateProxy(ExecState* exec)
 {
-    Base::finishCreation(vm);
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    JSValue target = exec->argument(0);
+    if (!target.isObject())
+        return JSValue::encode(jsUndefined());
+    JSObject* jsTarget = asObject(target.asCell());
+    Structure* structure = JSProxy::createStructure(vm, exec->lexicalGlobalObject(), jsTarget->getPrototypeDirect(vm), ImpureProxyType);
+    JSProxy* proxy = JSProxy::create(vm, structure, jsTarget);
+    return JSValue::encode(proxy);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateRuntimeArray(ExecState* exec)
+{
+    JSLockHolder lock(exec);
+    RuntimeArray* array = RuntimeArray::create(exec);
+    return JSValue::encode(array);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateImpureGetter(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    JSValue target = exec->argument(0);
+    JSObject* delegate = nullptr;
+    if (target.isObject())
+        delegate = asObject(target.asCell());
+    Structure* structure = ImpureGetter::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
+    ImpureGetter* result = ImpureGetter::create(vm, structure, delegate);
+    return JSValue::encode(result);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateCustomGetterObject(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    Structure* structure = CustomGetter::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
+    CustomGetter* result = CustomGetter::create(vm, structure);
+    return JSValue::encode(result);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITNodeObject(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    Structure* structure = DOMJITNode::createStructure(vm, exec->lexicalGlobalObject(), DOMJITGetter::create(vm, DOMJITGetter::createStructure(vm, exec->lexicalGlobalObject(), jsNull())));
+    DOMJITNode* result = DOMJITNode::create(vm, structure);
+    return JSValue::encode(result);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterObject(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    Structure* structure = DOMJITGetter::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
+    DOMJITGetter* result = DOMJITGetter::create(vm, structure);
+    return JSValue::encode(result);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterComplexObject(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    Structure* structure = DOMJITGetterComplex::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
+    DOMJITGetterComplex* result = DOMJITGetterComplex::create(vm, exec->lexicalGlobalObject(), structure);
+    return JSValue::encode(result);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITFunctionObject(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    Structure* structure = DOMJITFunctionObject::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
+    DOMJITFunctionObject* result = DOMJITFunctionObject::create(vm, exec->lexicalGlobalObject(), structure);
+    return JSValue::encode(result);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITCheckSubClassObject(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    Structure* structure = DOMJITCheckSubClassObject::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
+    DOMJITCheckSubClassObject* result = DOMJITCheckSubClassObject::create(vm, exec->lexicalGlobalObject(), structure);
+    return JSValue::encode(result);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterBaseJSObject(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    Structure* structure = DOMJITGetterBaseJSObject::createStructure(vm, exec->lexicalGlobalObject(), jsNull());
+    DOMJITGetterBaseJSObject* result = DOMJITGetterBaseJSObject::create(vm, structure);
+    return JSValue::encode(result);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionSetImpureGetterDelegate(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    JSValue base = exec->argument(0);
+    if (!base.isObject())
+        return JSValue::encode(jsUndefined());
+    JSValue delegate = exec->argument(1);
+    if (!delegate.isObject())
+        return JSValue::encode(jsUndefined());
+    ImpureGetter* impureGetter = jsDynamicCast<ImpureGetter*>(vm, asObject(base.asCell()));
+    if (UNLIKELY(!impureGetter)) {
+        throwTypeError(exec, scope, ASCIILiteral("argument is not an ImpureGetter"));
+        return encodedJSValue();
+    }
+    impureGetter->setDelegate(vm, asObject(delegate.asCell()));
+    return JSValue::encode(jsUndefined());
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateBuiltin(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    if (exec->argumentCount() < 1 || !exec->argument(0).isString())
+        return JSValue::encode(jsUndefined());
+
+    String functionText = asString(exec->argument(0))->value(exec);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
+
+    const SourceCode& source = makeSource(functionText, { });
+    JSFunction* func = JSFunction::create(vm, createBuiltinExecutable(vm, source, Identifier::fromString(&vm, "foo"), ConstructorKind::None, ConstructAbility::CannotConstruct)->link(vm, source), exec->lexicalGlobalObject());
+
+    return JSValue::encode(func);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateRoot(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    return JSValue::encode(Root::create(vm, exec->lexicalGlobalObject()));
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateElement(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    Root* root = jsDynamicCast<Root*>(vm, exec->argument(0));
+    if (!root)
+        return JSValue::encode(throwException(exec, scope, createError(exec, ASCIILiteral("Cannot create Element without a Root."))));
+    return JSValue::encode(Element::create(vm, exec->lexicalGlobalObject(), root));
+}
+
+static EncodedJSValue JSC_HOST_CALL functionGetElement(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    Root* root = jsDynamicCast<Root*>(vm, exec->argument(0));
+    if (!root)
+        return JSValue::encode(jsUndefined());
+    Element* result = root->element();
+    return JSValue::encode(result ? result : jsUndefined());
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateSimpleObject(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    return JSValue::encode(SimpleObject::create(vm, exec->lexicalGlobalObject()));
+}
+
+static EncodedJSValue JSC_HOST_CALL functionGetHiddenValue(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    SimpleObject* simpleObject = jsDynamicCast<SimpleObject*>(vm, exec->argument(0));
+    if (UNLIKELY(!simpleObject)) {
+        throwTypeError(exec, scope, ASCIILiteral("Invalid use of getHiddenValue test function"));
+        return encodedJSValue();
+    }
+    return JSValue::encode(simpleObject->hiddenValue());
+}
+
+static EncodedJSValue JSC_HOST_CALL functionSetHiddenValue(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSLockHolder lock(vm);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    SimpleObject* simpleObject = jsDynamicCast<SimpleObject*>(vm, exec->argument(0));
+    if (UNLIKELY(!simpleObject)) {
+        throwTypeError(exec, scope, ASCIILiteral("Invalid use of setHiddenValue test function"));
+        return encodedJSValue();
+    }
+    JSValue value = exec->argument(1);
+    simpleObject->setHiddenValue(vm, value);
+    return JSValue::encode(jsUndefined());
+}
+
+static EncodedJSValue JSC_HOST_CALL functionShadowChickenFunctionsOnStack(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    return JSValue::encode(vm.shadowChicken().functionsOnStack(exec));
+}
+
+static EncodedJSValue JSC_HOST_CALL functionSetGlobalConstRedeclarationShouldNotThrow(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    vm.setGlobalConstRedeclarationShouldThrow(false);
+    return JSValue::encode(jsUndefined());
+}
+
+static EncodedJSValue JSC_HOST_CALL functionFindTypeForExpression(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    RELEASE_ASSERT(vm.typeProfiler());
+    vm.typeProfilerLog()->processLogEntries(ASCIILiteral("jsc Testing API: functionFindTypeForExpression"));
+
+    JSValue functionValue = exec->argument(0);
+    RELEASE_ASSERT(functionValue.isFunction());
+    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
+
+    RELEASE_ASSERT(exec->argument(1).isString());
+    String substring = asString(exec->argument(1))->value(exec);
+    String sourceCodeText = executable->source().view().toString();
+    unsigned offset = static_cast<unsigned>(sourceCodeText.find(substring) + executable->source().startOffset());
+    
+    String jsonString = vm.typeProfiler()->typeInformationForExpressionAtOffset(TypeProfilerSearchDescriptorNormal, offset, executable->sourceID(), vm);
+    return JSValue::encode(JSONParse(exec, jsonString));
+}
+
+static EncodedJSValue JSC_HOST_CALL functionReturnTypeFor(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    RELEASE_ASSERT(vm.typeProfiler());
+    vm.typeProfilerLog()->processLogEntries(ASCIILiteral("jsc Testing API: functionReturnTypeFor"));
+
+    JSValue functionValue = exec->argument(0);
+    RELEASE_ASSERT(functionValue.isFunction());
+    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
+
+    unsigned offset = executable->typeProfilingStartOffset();
+    String jsonString = vm.typeProfiler()->typeInformationForExpressionAtOffset(TypeProfilerSearchDescriptorFunctionReturn, offset, executable->sourceID(), vm);
+    return JSValue::encode(JSONParse(exec, jsonString));
+}
+
+static EncodedJSValue JSC_HOST_CALL functionDumpBasicBlockExecutionRanges(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    RELEASE_ASSERT(vm.controlFlowProfiler());
+    vm.controlFlowProfiler()->dumpData();
+    return JSValue::encode(jsUndefined());
+}
+
+static EncodedJSValue JSC_HOST_CALL functionHasBasicBlockExecuted(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    RELEASE_ASSERT(vm.controlFlowProfiler());
+
+    JSValue functionValue = exec->argument(0);
+    RELEASE_ASSERT(functionValue.isFunction());
+    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
+
+    RELEASE_ASSERT(exec->argument(1).isString());
+    String substring = asString(exec->argument(1))->value(exec);
+    String sourceCodeText = executable->source().view().toString();
+    RELEASE_ASSERT(sourceCodeText.contains(substring));
+    int offset = sourceCodeText.find(substring) + executable->source().startOffset();
     
-    addFunction(vm, globalObject, "crash", functionCrash, 0);
+    bool hasExecuted = vm.controlFlowProfiler()->hasBasicBlockAtTextOffsetBeenExecuted(offset, executable->sourceID(), vm);
+    return JSValue::encode(jsBoolean(hasExecuted));
+}
+
+static EncodedJSValue JSC_HOST_CALL functionBasicBlockExecutionCount(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    RELEASE_ASSERT(vm.controlFlowProfiler());
+
+    JSValue functionValue = exec->argument(0);
+    RELEASE_ASSERT(functionValue.isFunction());
+    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
+
+    RELEASE_ASSERT(exec->argument(1).isString());
+    String substring = asString(exec->argument(1))->value(exec);
+    String sourceCodeText = executable->source().view().toString();
+    RELEASE_ASSERT(sourceCodeText.contains(substring));
+    int offset = sourceCodeText.find(substring) + executable->source().startOffset();
     
+    size_t executionCount = vm.controlFlowProfiler()->basicBlockExecutionCountAtTextOffset(offset, executable->sourceID(), vm);
+    return JSValue::encode(JSValue(executionCount));
+}
+
+static EncodedJSValue JSC_HOST_CALL functionEnableExceptionFuzz(ExecState*)
+{
+    Options::useExceptionFuzz() = true;
+    return JSValue::encode(jsUndefined());
+}
+
+static EncodedJSValue JSC_HOST_CALL functionGlobalObjectForObject(ExecState* exec)
+{
+    JSValue value = exec->argument(0);
+    RELEASE_ASSERT(value.isObject());
+    JSGlobalObject* globalObject = jsCast<JSObject*>(value)->globalObject();
+    RELEASE_ASSERT(globalObject);
+    return JSValue::encode(globalObject);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionGetGetterSetter(ExecState* exec)
+{
+    JSValue value = exec->argument(0);
+    if (!value.isObject())
+        return JSValue::encode(jsUndefined());
+
+    JSValue property = exec->argument(1);
+    if (!property.isString())
+        return JSValue::encode(jsUndefined());
+
+    PropertySlot slot(value, PropertySlot::InternalMethodType::VMInquiry);
+    value.getPropertySlot(exec, asString(property)->toIdentifier(exec), slot);
+
+    JSValue result;
+    if (slot.isCacheableGetter())
+        result = slot.getterSetter();
+    else
+        result = jsNull();
+
+    return JSValue::encode(result);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionLoadGetterFromGetterSetter(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    GetterSetter* getterSetter = jsDynamicCast<GetterSetter*>(vm, exec->argument(0));
+    if (UNLIKELY(!getterSetter)) {
+        throwTypeError(exec, scope, ASCIILiteral("Invalid use of loadGetterFromGetterSetter test function: argument is not a GetterSetter"));
+        return encodedJSValue();
+    }
+
+    JSObject* getter = getterSetter->getter();
+    RELEASE_ASSERT(getter);
+    return JSValue::encode(getter);
+}
+
+static EncodedJSValue JSC_HOST_CALL functionCreateCustomTestGetterSetter(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+    return JSValue::encode(JSTestCustomGetterSetter::create(vm, globalObject, JSTestCustomGetterSetter::createStructure(vm, globalObject)));
+}
+
+void JSDollarVM::finishCreation(VM& vm)
+{
+    Base::finishCreation(vm);
+
+    JSGlobalObject* globalObject = structure(vm)->globalObject();
+
+    auto addFunction = [&] (VM& vm, const char* name, NativeFunction function, unsigned arguments) {
+        JSDollarVM::addFunction(vm, globalObject, name, function, arguments);
+    };
+    auto addConstructibleFunction = [&] (VM& vm, const char* name, NativeFunction function, unsigned arguments) {
+        JSDollarVM::addConstructibleFunction(vm, globalObject, name, function, arguments);
+    };
+
+    addFunction(vm, "abort", functionCrash, 0);
+    addFunction(vm, "crash", functionCrash, 0);
+
     putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "dfgTrue"), 0, functionDFGTrue, DFGTrueIntrinsic, static_cast<unsigned>(PropertyAttribute::DontEnum));
 
     putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "cpuMfence"), 0, functionCpuMfence, CPUMfenceIntrinsic, 0);
     putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "cpuRdtsc"), 0, functionCpuRdtsc, CPURdtscIntrinsic, 0);
     putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "cpuCpuid"), 0, functionCpuCpuid, CPUCpuidIntrinsic, 0);
     putDirectNativeFunction(vm, globalObject, Identifier::fromString(&vm, "cpuPause"), 0, functionCpuPause, CPUPauseIntrinsic, 0);
-    addFunction(vm, globalObject, "cpuClflush", functionCpuClflush, 2);
-    
-    addFunction(vm, globalObject, "llintTrue", functionLLintTrue, 0);
-    addFunction(vm, globalObject, "jitTrue", functionJITTrue, 0);
-    
-    addFunction(vm, globalObject, "gc", functionGC, 0);
-    addFunction(vm, globalObject, "edenGC", functionEdenGC, 0);
-    
-    addFunction(vm, globalObject, "codeBlockFor", functionCodeBlockFor, 1);
-    addFunction(vm, globalObject, "codeBlockForFrame", functionCodeBlockForFrame, 1);
-    addFunction(vm, globalObject, "printSourceFor", functionPrintSourceFor, 1);
-    addFunction(vm, globalObject, "printBytecodeFor", functionPrintBytecodeFor, 1);
-    
-    addFunction(vm, globalObject, "print", functionPrint, 1);
-    addFunction(vm, globalObject, "printCallFrame", functionPrintCallFrame, 0);
-    addFunction(vm, globalObject, "printStack", functionPrintStack, 0);
+    addFunction(vm, "cpuClflush", functionCpuClflush, 2);
+
+    addFunction(vm, "llintTrue", functionLLintTrue, 0);
+    addFunction(vm, "jitTrue", functionJITTrue, 0);
+
+    addFunction(vm, "gc", functionGC, 0);
+    addFunction(vm, "edenGC", functionEdenGC, 0);
+
+    addFunction(vm, "codeBlockFor", functionCodeBlockFor, 1);
+    addFunction(vm, "codeBlockForFrame", functionCodeBlockForFrame, 1);
+    addFunction(vm, "printSourceFor", functionPrintSourceFor, 1);
+    addFunction(vm, "printBytecodeFor", functionPrintBytecodeFor, 1);
+
+    addFunction(vm, "print", functionPrint, 1);
+    addFunction(vm, "printCallFrame", functionPrintCallFrame, 0);
+    addFunction(vm, "printStack", functionPrintStack, 0);
+
+    addFunction(vm, "value", functionValue, 1);
+    addFunction(vm, "getpid", functionGetPID, 0);
+
+    addFunction(vm, "createProxy", functionCreateProxy, 1);
+    addFunction(vm, "createRuntimeArray", functionCreateRuntimeArray, 0);
+
+    addFunction(vm, "createImpureGetter", functionCreateImpureGetter, 1);
+    addFunction(vm, "createCustomGetterObject", functionCreateCustomGetterObject, 0);
+    addFunction(vm, "createDOMJITNodeObject", functionCreateDOMJITNodeObject, 0);
+    addFunction(vm, "createDOMJITGetterObject", functionCreateDOMJITGetterObject, 0);
+    addFunction(vm, "createDOMJITGetterComplexObject", functionCreateDOMJITGetterComplexObject, 0);
+    addFunction(vm, "createDOMJITFunctionObject", functionCreateDOMJITFunctionObject, 0);
+    addFunction(vm, "createDOMJITCheckSubClassObject", functionCreateDOMJITCheckSubClassObject, 0);
+    addFunction(vm, "createDOMJITGetterBaseJSObject", functionCreateDOMJITGetterBaseJSObject, 0);
+    addFunction(vm, "createBuiltin", functionCreateBuiltin, 2);
+    addFunction(vm, "setImpureGetterDelegate", functionSetImpureGetterDelegate, 2);
+
+    addConstructibleFunction(vm, "Root", functionCreateRoot, 0);
+    addConstructibleFunction(vm, "Element", functionCreateElement, 1);
+    addFunction(vm, "getElement", functionGetElement, 1);
 
-    addFunction(vm, globalObject, "value", functionValue, 1);
-    addFunction(vm, globalObject, "getpid", functionGetPID, 0);
+    addConstructibleFunction(vm, "SimpleObject", functionCreateSimpleObject, 0);
+    addFunction(vm, "getHiddenValue", functionGetHiddenValue, 1);
+    addFunction(vm, "setHiddenValue", functionSetHiddenValue, 2);
+
+    addFunction(vm, "shadowChickenFunctionsOnStack", functionShadowChickenFunctionsOnStack, 0);
+    addFunction(vm, "setGlobalConstRedeclarationShouldNotThrow", functionSetGlobalConstRedeclarationShouldNotThrow, 0);
+
+    addFunction(vm, "findTypeForExpression", functionFindTypeForExpression, 2);
+    addFunction(vm, "returnTypeFor", functionReturnTypeFor, 1);
+
+    addFunction(vm, "dumpBasicBlockExecutionRanges", functionDumpBasicBlockExecutionRanges , 0);
+    addFunction(vm, "hasBasicBlockExecuted", functionHasBasicBlockExecuted, 2);
+    addFunction(vm, "basicBlockExecutionCount", functionBasicBlockExecutionCount, 2);
+
+    addFunction(vm, "enableExceptionFuzz", functionEnableExceptionFuzz, 0);
+
+    addFunction(vm, "globalObjectForObject", functionGlobalObjectForObject, 1);
+
+    addFunction(vm, "getGetterSetter", functionGetGetterSetter, 2);
+    addFunction(vm, "loadGetterFromGetterSetter", functionLoadGetterFromGetterSetter, 1);
+    addFunction(vm, "createCustomTestGetterSetter", functionCreateCustomTestGetterSetter, 1);
+}
+
+void JSDollarVM::addFunction(VM& vm, JSGlobalObject* globalObject, const char* name, NativeFunction function, unsigned arguments)
+{
+    Identifier identifier = Identifier::fromString(&vm, name);
+    putDirect(vm, identifier, JSFunction::create(vm, globalObject, arguments, identifier.string(), function));
+}
+
+void JSDollarVM::addConstructibleFunction(VM& vm, JSGlobalObject* globalObject, const char* name, NativeFunction function, unsigned arguments)
+{
+    Identifier identifier = Identifier::fromString(&vm, name);
+    putDirect(vm, identifier, JSFunction::create(vm, globalObject, arguments, identifier.string(), function, NoIntrinsic, function));
 }
 
 } // namespace JSC
index cfe430f..922b494 100644 (file)
@@ -40,10 +40,10 @@ public:
         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
     }
 
-    static JSDollarVM* create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
+    static JSDollarVM* create(VM& vm, Structure* structure)
     {
         JSDollarVM* instance = new (NotNull, allocateCell<JSDollarVM>(vm.heap)) JSDollarVM(vm, structure);
-        instance->finishCreation(vm, globalObject);
+        instance->finishCreation(vm);
         return instance;
     }
     
@@ -53,8 +53,9 @@ private:
     {
     }
 
-    void finishCreation(VM&, JSGlobalObject*);
+    void finishCreation(VM&);
     void addFunction(VM&, JSGlobalObject*, const char* name, NativeFunction, unsigned arguments);
+    void addConstructibleFunction(VM&, JSGlobalObject*, const char* name, NativeFunction, unsigned arguments);
 };
 
 } // namespace JSC
index ac99f46..00fa558 100644 (file)
@@ -1,3 +1,18 @@
+2017-11-24  Mark Lam  <mark.lam@apple.com>
+
+        Move unsafe jsc shell test functions to the $vm object.
+        https://bugs.webkit.org/show_bug.cgi?id=179980
+
+        Reviewed by Yusuke Suzuki.
+
+        Always set --useDollarVM=true for jsc runs of benchmarks.  This is needed because
+        some microbenchmarks relies on createBuiltin().
+
+        Also set --useDollarVM=true for runExceptionFuzz and runExecutableAllocationFuzz.
+
+        * Scripts/run-jsc-benchmarks:
+        * Scripts/run-jsc-stress-tests:
+
 2017-11-23  Darin Adler  <darin@apple.com>
 
         Reduce WTF::String operations that do unnecessary Unicode operations instead of ASCII
index 1bb4eb5..0504a57 100755 (executable)
@@ -1407,6 +1407,7 @@ class VM
       | key |
       $script.puts "unset #{Shellwords.shellescape(key)}"
     }
+    $script.puts "export JSC_useDollarVM=true" if @vmType == :jsc
     $script.puts "export DYLD_LIBRARY_PATH=#{Shellwords.shellescape(myLibPath.join(':').to_s)}"
     $script.puts "export DYLD_FRAMEWORK_PATH=#{Shellwords.shellescape(myLibPath.join(':').to_s)}"
     $script.puts "export LD_LIBRARY_PATH=#{Shellwords.shellescape(myLibPath.join(':').to_s)}"
index cb83f93..dd571e1 100755 (executable)
@@ -848,12 +848,12 @@ def runProfiler
 end
 
 def runExceptionFuzz
-    subCommand = escapeAll([pathToVM.to_s, $benchmark.to_s])
+    subCommand = escapeAll([pathToVM.to_s, "--useDollarVM=true", $benchmark.to_s])
     addRunCommand("exception-fuzz", ["perl", (pathToHelpers + "js-exception-fuzz").to_s, subCommand], silentOutputHandler, simpleErrorHandler)
 end
 
 def runExecutableAllocationFuzz(name, *options)
-    subCommand = escapeAll([pathToVM.to_s, $benchmark.to_s] + options)
+    subCommand = escapeAll([pathToVM.to_s, "--useDollarVM=true", $benchmark.to_s] + options)
     addRunCommand("executable-allocation-fuzz-" + name, ["perl", (pathToHelpers + "js-executable-allocation-fuzz").to_s, subCommand], silentOutputHandler, simpleErrorHandler)
 end