2011-04-15 Oliver Hunt <oliver@apple.com>
authoroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 15 Apr 2011 23:55:42 +0000 (23:55 +0000)
committeroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 15 Apr 2011 23:55:42 +0000 (23:55 +0000)
        GC allocate Structure
        https://bugs.webkit.org/show_bug.cgi?id=58483

        Rolling r83894 r83827 r83810 r83809 r83808 back in with
        a workaround for the gcc bug seen by the gtk bots

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@84052 268f45cc-cd09-0410-ab3c-d52691b4dbfc

191 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/dom/gc-10.html
Source/JavaScriptCore/API/JSCallbackConstructor.cpp
Source/JavaScriptCore/API/JSCallbackConstructor.h
Source/JavaScriptCore/API/JSCallbackFunction.h
Source/JavaScriptCore/API/JSCallbackObject.h
Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
Source/JavaScriptCore/API/JSContextRef.cpp
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.JSVALUE32_64only.exp
Source/JavaScriptCore/JavaScriptCore.JSVALUE64only.exp
Source/JavaScriptCore/JavaScriptCore.exp
Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/CodeBlock.h
Source/JavaScriptCore/bytecode/Instruction.h
Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
Source/JavaScriptCore/bytecode/StructureStubInfo.h
Source/JavaScriptCore/debugger/DebuggerActivation.cpp
Source/JavaScriptCore/debugger/DebuggerActivation.h
Source/JavaScriptCore/heap/Handle.h
Source/JavaScriptCore/heap/MarkStack.cpp
Source/JavaScriptCore/heap/MarkedBlock.cpp
Source/JavaScriptCore/heap/Strong.h
Source/JavaScriptCore/interpreter/Interpreter.cpp
Source/JavaScriptCore/jit/JIT.h
Source/JavaScriptCore/jit/JITPropertyAccess.cpp
Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
Source/JavaScriptCore/jit/JITStubs.cpp
Source/JavaScriptCore/jit/JSInterfaceJIT.h
Source/JavaScriptCore/jsc.cpp
Source/JavaScriptCore/runtime/Arguments.h
Source/JavaScriptCore/runtime/ArrayConstructor.cpp
Source/JavaScriptCore/runtime/ArrayConstructor.h
Source/JavaScriptCore/runtime/ArrayPrototype.cpp
Source/JavaScriptCore/runtime/ArrayPrototype.h
Source/JavaScriptCore/runtime/BatchedTransitionOptimizer.h
Source/JavaScriptCore/runtime/BooleanConstructor.cpp
Source/JavaScriptCore/runtime/BooleanConstructor.h
Source/JavaScriptCore/runtime/BooleanObject.cpp
Source/JavaScriptCore/runtime/BooleanObject.h
Source/JavaScriptCore/runtime/BooleanPrototype.cpp
Source/JavaScriptCore/runtime/BooleanPrototype.h
Source/JavaScriptCore/runtime/DateConstructor.cpp
Source/JavaScriptCore/runtime/DateConstructor.h
Source/JavaScriptCore/runtime/DateInstance.cpp
Source/JavaScriptCore/runtime/DateInstance.h
Source/JavaScriptCore/runtime/DatePrototype.cpp
Source/JavaScriptCore/runtime/DatePrototype.h
Source/JavaScriptCore/runtime/Error.cpp
Source/JavaScriptCore/runtime/ErrorConstructor.cpp
Source/JavaScriptCore/runtime/ErrorConstructor.h
Source/JavaScriptCore/runtime/ErrorInstance.cpp
Source/JavaScriptCore/runtime/ErrorInstance.h
Source/JavaScriptCore/runtime/ErrorPrototype.cpp
Source/JavaScriptCore/runtime/ErrorPrototype.h
Source/JavaScriptCore/runtime/ExceptionHelpers.cpp
Source/JavaScriptCore/runtime/Executable.cpp
Source/JavaScriptCore/runtime/Executable.h
Source/JavaScriptCore/runtime/FunctionConstructor.cpp
Source/JavaScriptCore/runtime/FunctionConstructor.h
Source/JavaScriptCore/runtime/FunctionPrototype.cpp
Source/JavaScriptCore/runtime/FunctionPrototype.h
Source/JavaScriptCore/runtime/GetterSetter.h
Source/JavaScriptCore/runtime/InitializeThreading.cpp
Source/JavaScriptCore/runtime/InternalFunction.cpp
Source/JavaScriptCore/runtime/InternalFunction.h
Source/JavaScriptCore/runtime/JSAPIValueWrapper.h
Source/JavaScriptCore/runtime/JSActivation.cpp
Source/JavaScriptCore/runtime/JSActivation.h
Source/JavaScriptCore/runtime/JSArray.cpp
Source/JavaScriptCore/runtime/JSArray.h
Source/JavaScriptCore/runtime/JSByteArray.cpp
Source/JavaScriptCore/runtime/JSByteArray.h
Source/JavaScriptCore/runtime/JSCell.cpp
Source/JavaScriptCore/runtime/JSCell.h
Source/JavaScriptCore/runtime/JSFunction.cpp
Source/JavaScriptCore/runtime/JSFunction.h
Source/JavaScriptCore/runtime/JSGlobalData.cpp
Source/JavaScriptCore/runtime/JSGlobalData.h
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.h
Source/JavaScriptCore/runtime/JSNotAnObject.h
Source/JavaScriptCore/runtime/JSONObject.cpp
Source/JavaScriptCore/runtime/JSONObject.h
Source/JavaScriptCore/runtime/JSObject.cpp
Source/JavaScriptCore/runtime/JSObject.h
Source/JavaScriptCore/runtime/JSObjectWithGlobalObject.cpp
Source/JavaScriptCore/runtime/JSObjectWithGlobalObject.h
Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp
Source/JavaScriptCore/runtime/JSPropertyNameIterator.h
Source/JavaScriptCore/runtime/JSStaticScopeObject.h
Source/JavaScriptCore/runtime/JSString.h
Source/JavaScriptCore/runtime/JSType.h
Source/JavaScriptCore/runtime/JSTypeInfo.h
Source/JavaScriptCore/runtime/JSValue.h
Source/JavaScriptCore/runtime/JSVariableObject.h
Source/JavaScriptCore/runtime/JSWrapperObject.h
Source/JavaScriptCore/runtime/JSZombie.cpp
Source/JavaScriptCore/runtime/JSZombie.h
Source/JavaScriptCore/runtime/MathObject.cpp
Source/JavaScriptCore/runtime/MathObject.h
Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp
Source/JavaScriptCore/runtime/NativeErrorConstructor.h
Source/JavaScriptCore/runtime/NativeErrorPrototype.cpp
Source/JavaScriptCore/runtime/NativeErrorPrototype.h
Source/JavaScriptCore/runtime/NumberConstructor.cpp
Source/JavaScriptCore/runtime/NumberConstructor.h
Source/JavaScriptCore/runtime/NumberObject.cpp
Source/JavaScriptCore/runtime/NumberObject.h
Source/JavaScriptCore/runtime/NumberPrototype.cpp
Source/JavaScriptCore/runtime/NumberPrototype.h
Source/JavaScriptCore/runtime/ObjectConstructor.cpp
Source/JavaScriptCore/runtime/ObjectConstructor.h
Source/JavaScriptCore/runtime/ObjectPrototype.cpp
Source/JavaScriptCore/runtime/ObjectPrototype.h
Source/JavaScriptCore/runtime/PropertyMapHashTable.h
Source/JavaScriptCore/runtime/RegExpConstructor.cpp
Source/JavaScriptCore/runtime/RegExpConstructor.h
Source/JavaScriptCore/runtime/RegExpObject.cpp
Source/JavaScriptCore/runtime/RegExpObject.h
Source/JavaScriptCore/runtime/RegExpPrototype.cpp
Source/JavaScriptCore/runtime/RegExpPrototype.h
Source/JavaScriptCore/runtime/ScopeChain.h
Source/JavaScriptCore/runtime/StrictEvalActivation.cpp
Source/JavaScriptCore/runtime/StringConstructor.cpp
Source/JavaScriptCore/runtime/StringConstructor.h
Source/JavaScriptCore/runtime/StringObject.cpp
Source/JavaScriptCore/runtime/StringObject.h
Source/JavaScriptCore/runtime/StringObjectThatMasqueradesAsUndefined.h
Source/JavaScriptCore/runtime/StringPrototype.cpp
Source/JavaScriptCore/runtime/StringPrototype.h
Source/JavaScriptCore/runtime/Structure.cpp
Source/JavaScriptCore/runtime/Structure.h
Source/JavaScriptCore/runtime/StructureChain.cpp
Source/JavaScriptCore/runtime/StructureChain.h
Source/JavaScriptCore/runtime/StructureTransitionTable.h
Source/JavaScriptCore/runtime/WeakGCMap.h
Source/JavaScriptCore/runtime/WriteBarrier.h
Source/JavaScriptGlue/ChangeLog
Source/JavaScriptGlue/JSRun.cpp
Source/JavaScriptGlue/JSRun.h
Source/JavaScriptGlue/JSUtils.cpp
Source/JavaScriptGlue/UserObjectImp.cpp
Source/JavaScriptGlue/UserObjectImp.h
Source/WebCore/ChangeLog
Source/WebCore/WebCore.exp.in
Source/WebCore/bindings/js/JSAudioConstructor.h
Source/WebCore/bindings/js/JSDOMBinding.cpp
Source/WebCore/bindings/js/JSDOMBinding.h
Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
Source/WebCore/bindings/js/JSDOMGlobalObject.h
Source/WebCore/bindings/js/JSDOMWindowBase.cpp
Source/WebCore/bindings/js/JSDOMWindowBase.h
Source/WebCore/bindings/js/JSDOMWindowShell.cpp
Source/WebCore/bindings/js/JSDOMWindowShell.h
Source/WebCore/bindings/js/JSDOMWrapper.h
Source/WebCore/bindings/js/JSEventListener.cpp
Source/WebCore/bindings/js/JSImageConstructor.h
Source/WebCore/bindings/js/JSImageDataCustom.cpp
Source/WebCore/bindings/js/JSOptionConstructor.h
Source/WebCore/bindings/js/JSWorkerContextBase.cpp
Source/WebCore/bindings/js/JSWorkerContextBase.h
Source/WebCore/bindings/js/ScriptCachedFrameData.h
Source/WebCore/bindings/js/SerializedScriptValue.h
Source/WebCore/bindings/js/WorkerScriptController.cpp
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/bridge/c/CRuntimeObject.h
Source/WebCore/bridge/c/c_instance.cpp
Source/WebCore/bridge/jni/jsc/JavaInstanceJSC.cpp
Source/WebCore/bridge/jni/jsc/JavaRuntimeObject.h
Source/WebCore/bridge/objc/ObjCRuntimeObject.h
Source/WebCore/bridge/objc/objc_instance.mm
Source/WebCore/bridge/objc/objc_runtime.h
Source/WebCore/bridge/qt/qt_instance.cpp
Source/WebCore/bridge/qt/qt_pixmapruntime.cpp
Source/WebCore/bridge/qt/qt_runtime.h
Source/WebCore/bridge/runtime_array.cpp
Source/WebCore/bridge/runtime_array.h
Source/WebCore/bridge/runtime_method.cpp
Source/WebCore/bridge/runtime_method.h
Source/WebCore/bridge/runtime_object.cpp
Source/WebCore/bridge/runtime_object.h
Source/WebCore/history/HistoryItem.h
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.h
Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm
Source/WebKit/mac/Plugins/Hosted/ProxyRuntimeObject.h
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/Plugins/Netscape/JSNPMethod.h
Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.h

index a930f8d..607584f 100644 (file)
@@ -1,3 +1,13 @@
+2011-04-15  Oliver Hunt  <oliver@apple.com>
+
+        GC allocate Structure
+        https://bugs.webkit.org/show_bug.cgi?id=58483
+
+        Rolling r83894 r83827 r83810 r83809 r83808 back in with
+        a workaround for the gcc bug seen by the gtk bots
+
+        * fast/dom/gc-10.html:
+
 2011-04-15  Andreas Kling  <kling@webkit.org>
 
         Unreviewed, remove a Qt-specific expectation that's no longer needed.
index aa1dd45..a9571a8 100644 (file)
@@ -20,6 +20,7 @@ function test()
     if (window.GCController)
     {
         GCController.collect();
+        window.frames.myframe.location.reload(true);
         before = GCController.getJSObjectCount();
         
         window.frames.myframe.location.reload(true);
index e8ae274..fa9d216 100644 (file)
@@ -38,7 +38,7 @@ namespace JSC {
 
 const ClassInfo JSCallbackConstructor::s_info = { "CallbackConstructor", &JSObjectWithGlobalObject::s_info, 0, 0 };
 
-JSCallbackConstructor::JSCallbackConstructor(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, JSClassRef jsClass, JSObjectCallAsConstructorCallback callback)
+JSCallbackConstructor::JSCallbackConstructor(JSGlobalObject* globalObject, Structure* structure, JSClassRef jsClass, JSObjectCallAsConstructorCallback callback)
     : JSObjectWithGlobalObject(globalObject, structure)
     , m_class(jsClass)
     , m_callback(callback)
index 001c416..64b237d 100644 (file)
@@ -33,13 +33,13 @@ namespace JSC {
 
 class JSCallbackConstructor : public JSObjectWithGlobalObject {
 public:
-    JSCallbackConstructor(JSGlobalObject*, NonNullPassRefPtr<Structure>, JSClassRef, JSObjectCallAsConstructorCallback);
+    JSCallbackConstructor(JSGlobalObject*, Structure*, JSClassRef, JSObjectCallAsConstructorCallback);
     virtual ~JSCallbackConstructor();
     JSClassRef classRef() const { return m_class; }
     JSObjectCallAsConstructorCallback callback() const { return m_callback; }
     static const ClassInfo s_info;
 
-    static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) 
+    static Structure* createStructure(JSGlobalData& globalData, JSValue proto) 
     {
         return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
     }
index 11fb95c..55c9ed4 100644 (file)
@@ -39,7 +39,7 @@ public:
     
     // InternalFunction mish-mashes constructor and function behavior -- we should 
     // refactor the code so this override isn't necessary
-    static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) 
+    static Structure* createStructure(JSGlobalData& globalData, JSValue proto) 
     { 
         return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info); 
     }
index 60fd8cd..d2e0dcb 100644 (file)
@@ -117,8 +117,8 @@ struct JSCallbackObjectData : WeakHandleOwner {
 template <class Base>
 class JSCallbackObject : public Base {
 public:
-    JSCallbackObject(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, JSClassRef, void* data);
-    JSCallbackObject(JSClassRef, NonNullPassRefPtr<Structure>);
+    JSCallbackObject(ExecState*, JSGlobalObject*, Structure*, JSClassRef, void* data);
+    JSCallbackObject(JSGlobalData&, JSClassRef, Structure*);
 
     void setPrivate(void* data);
     void* getPrivate();
@@ -128,7 +128,7 @@ public:
     JSClassRef classRef() const { return m_callbackObjectData->jsClass; }
     bool inherits(JSClassRef) const;
 
-    static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) 
+    static Structure* createStructure(JSGlobalData& globalData, JSValue proto) 
     { 
         return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), Base::AnonymousSlotCount, &s_info); 
     }
index 50b84c7..8639e1a 100644 (file)
@@ -50,7 +50,7 @@ inline JSCallbackObject<Base>* JSCallbackObject<Base>::asCallbackObject(JSValue
 }
 
 template <class Base>
-JSCallbackObject<Base>::JSCallbackObject(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, JSClassRef jsClass, void* data)
+JSCallbackObject<Base>::JSCallbackObject(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, JSClassRef jsClass, void* data)
     : Base(globalObject, structure)
     , m_callbackObjectData(adoptPtr(new JSCallbackObjectData(data, jsClass)))
 {
@@ -61,8 +61,8 @@ JSCallbackObject<Base>::JSCallbackObject(ExecState* exec, JSGlobalObject* global
 // Global object constructor.
 // FIXME: Move this into a separate JSGlobalCallbackObject class derived from this one.
 template <class Base>
-JSCallbackObject<Base>::JSCallbackObject(JSClassRef jsClass, NonNullPassRefPtr<Structure> structure)
-    : Base(structure)
+JSCallbackObject<Base>::JSCallbackObject(JSGlobalData& globalData, JSClassRef jsClass, Structure* structure)
+    : Base(globalData, structure)
     , m_callbackObjectData(adoptPtr(new JSCallbackObjectData(0, jsClass)))
 {
     ASSERT(Base::inherits(&s_info));
index 158b256..03d0622 100644 (file)
@@ -97,7 +97,7 @@ JSGlobalContextRef JSGlobalContextCreateInGroup(JSContextGroupRef group, JSClass
         return JSGlobalContextRetain(toGlobalRef(globalObject->globalExec()));
     }
 
-    JSGlobalObject* globalObject = new (globalData.get()) JSCallbackObject<JSGlobalObject>(globalObjectClass, JSCallbackObject<JSGlobalObject>::createStructure(*globalData, jsNull()));
+    JSGlobalObject* globalObject = new (globalData.get()) JSCallbackObject<JSGlobalObject>(*globalData, globalObjectClass, JSCallbackObject<JSGlobalObject>::createStructure(*globalData, jsNull()));
     ExecState* exec = globalObject->globalExec();
     JSValue prototype = globalObjectClass->prototype(exec);
     if (!prototype)
@@ -141,9 +141,10 @@ void JSGlobalContextRelease(JSGlobalContextRef ctx)
     //   it may  release a lot of GC memory - run the garbage collector now.
     // * If there are more references remaining the the global object, then do nothing
     //   (specifically that is more protects, which we assume come from other JSGlobalContextRefs).
-    if (releasingContextGroup)
+    if (releasingContextGroup) {
+        globalData.clearBuiltinStructures();
         globalData.heap.destroy();
-    else if (releasingGlobalObject)
+    else if (releasingGlobalObject)
         globalData.heap.collectAllGarbage();
 
     globalData.deref();
index 1f831c9..ddd5b12 100644 (file)
@@ -1,3 +1,408 @@
+2011-04-15  Oliver Hunt  <oliver@apple.com>
+
+        GC allocate Structure
+        https://bugs.webkit.org/show_bug.cgi?id=58483
+
+        Rolling r83894 r83827 r83810 r83809 r83808 back in with
+        a workaround for the gcc bug seen by the gtk bots
+
+        * API/JSCallbackConstructor.cpp:
+        (JSC::JSCallbackConstructor::JSCallbackConstructor):
+        * API/JSCallbackConstructor.h:
+        (JSC::JSCallbackConstructor::createStructure):
+        * API/JSCallbackFunction.h:
+        (JSC::JSCallbackFunction::createStructure):
+        * API/JSCallbackObject.h:
+        (JSC::JSCallbackObject::createStructure):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::JSCallbackObject):
+        * API/JSContextRef.cpp:
+        * JavaScriptCore.JSVALUE32_64only.exp:
+        * JavaScriptCore.JSVALUE64only.exp:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::~CodeBlock):
+        (JSC::CodeBlock::markStructures):
+        (JSC::CodeBlock::markAggregate):
+        * bytecode/CodeBlock.h:
+        (JSC::MethodCallLinkInfo::setSeen):
+        (JSC::GlobalResolveInfo::GlobalResolveInfo):
+        * bytecode/Instruction.h:
+        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+        (JSC::PolymorphicAccessStructureList::markAggregate):
+        (JSC::Instruction::Instruction):
+        * bytecode/StructureStubInfo.cpp:
+        (JSC::StructureStubInfo::deref):
+        (JSC::StructureStubInfo::markAggregate):
+        * bytecode/StructureStubInfo.h:
+        (JSC::StructureStubInfo::initGetByIdSelf):
+        (JSC::StructureStubInfo::initGetByIdProto):
+        (JSC::StructureStubInfo::initGetByIdChain):
+        (JSC::StructureStubInfo::initPutByIdTransition):
+        (JSC::StructureStubInfo::initPutByIdReplace):
+        * debugger/DebuggerActivation.cpp:
+        (JSC::DebuggerActivation::DebuggerActivation):
+        * debugger/DebuggerActivation.h:
+        (JSC::DebuggerActivation::createStructure):
+        * heap/Handle.h:
+        * heap/MarkStack.cpp:
+        (JSC::MarkStack::markChildren):
+        (JSC::MarkStack::drain):
+        * heap/MarkedBlock.cpp:
+        (JSC::MarkedBlock::MarkedBlock):
+        (JSC::MarkedBlock::sweep):
+        * heap/Strong.h:
+        (JSC::Strong::Strong):
+        (JSC::Strong::set):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::resolveGlobal):
+        (JSC::Interpreter::resolveGlobalDynamic):
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::Interpreter::uncachePutByID):
+        (JSC::Interpreter::tryCacheGetByID):
+        (JSC::Interpreter::uncacheGetByID):
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchMethodCallProto):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchMethodCallProto):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::tryCachePutByID):
+        (JSC::JITThunks::tryCacheGetByID):
+        (JSC::DEFINE_STUB_FUNCTION):
+        (JSC::getPolymorphicAccessStructureListSlot):
+        * jit/JSInterfaceJIT.h:
+        (JSC::JSInterfaceJIT::storePtrWithWriteBarrier):
+        * jsc.cpp:
+        (cleanupGlobalData):
+        * runtime/Arguments.h:
+        (JSC::Arguments::createStructure):
+        (JSC::Arguments::Arguments):
+        (JSC::JSActivation::copyRegisters):
+        * runtime/ArrayConstructor.cpp:
+        (JSC::ArrayConstructor::ArrayConstructor):
+        (JSC::constructArrayWithSizeQuirk):
+        * runtime/ArrayConstructor.h:
+        * runtime/ArrayPrototype.cpp:
+        (JSC::ArrayPrototype::ArrayPrototype):
+        (JSC::arrayProtoFuncSplice):
+        * runtime/ArrayPrototype.h:
+        (JSC::ArrayPrototype::createStructure):
+        * runtime/BatchedTransitionOptimizer.h:
+        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
+        * runtime/BooleanConstructor.cpp:
+        (JSC::BooleanConstructor::BooleanConstructor):
+        * runtime/BooleanConstructor.h:
+        * runtime/BooleanObject.cpp:
+        (JSC::BooleanObject::BooleanObject):
+        * runtime/BooleanObject.h:
+        (JSC::BooleanObject::createStructure):
+        * runtime/BooleanPrototype.cpp:
+        (JSC::BooleanPrototype::BooleanPrototype):
+        * runtime/BooleanPrototype.h:
+        * runtime/DateConstructor.cpp:
+        (JSC::DateConstructor::DateConstructor):
+        * runtime/DateConstructor.h:
+        * runtime/DateInstance.cpp:
+        (JSC::DateInstance::DateInstance):
+        * runtime/DateInstance.h:
+        (JSC::DateInstance::createStructure):
+        * runtime/DatePrototype.cpp:
+        (JSC::DatePrototype::DatePrototype):
+        * runtime/DatePrototype.h:
+        (JSC::DatePrototype::createStructure):
+        * runtime/Error.cpp:
+        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+        * runtime/ErrorConstructor.cpp:
+        (JSC::ErrorConstructor::ErrorConstructor):
+        * runtime/ErrorConstructor.h:
+        * runtime/ErrorInstance.cpp:
+        (JSC::ErrorInstance::ErrorInstance):
+        (JSC::ErrorInstance::create):
+        * runtime/ErrorInstance.h:
+        (JSC::ErrorInstance::createStructure):
+        * runtime/ErrorPrototype.cpp:
+        (JSC::ErrorPrototype::ErrorPrototype):
+        * runtime/ErrorPrototype.h:
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::InterruptedExecutionError::InterruptedExecutionError):
+        (JSC::TerminatedExecutionError::TerminatedExecutionError):
+        * runtime/Executable.cpp:
+        * runtime/Executable.h:
+        (JSC::ExecutableBase::ExecutableBase):
+        (JSC::ExecutableBase::createStructure):
+        (JSC::NativeExecutable::createStructure):
+        (JSC::NativeExecutable::NativeExecutable):
+        (JSC::ScriptExecutable::ScriptExecutable):
+        (JSC::EvalExecutable::createStructure):
+        (JSC::ProgramExecutable::createStructure):
+        (JSC::FunctionExecutable::createStructure):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::FunctionConstructor::FunctionConstructor):
+        * runtime/FunctionConstructor.h:
+        * runtime/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::FunctionPrototype):
+        * runtime/FunctionPrototype.h:
+        (JSC::FunctionPrototype::createStructure):
+        * runtime/GetterSetter.h:
+        (JSC::GetterSetter::GetterSetter):
+        (JSC::GetterSetter::createStructure):
+        * runtime/InitializeThreading.cpp:
+        (JSC::initializeThreadingOnce):
+        * runtime/InternalFunction.cpp:
+        (JSC::InternalFunction::InternalFunction):
+        * runtime/InternalFunction.h:
+        (JSC::InternalFunction::createStructure):
+        * runtime/JSAPIValueWrapper.h:
+        (JSC::JSAPIValueWrapper::createStructure):
+        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::JSActivation):
+        * runtime/JSActivation.h:
+        (JSC::JSActivation::createStructure):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        * runtime/JSArray.h:
+        (JSC::JSArray::createStructure):
+        * runtime/JSByteArray.cpp:
+        (JSC::JSByteArray::JSByteArray):
+        (JSC::JSByteArray::createStructure):
+        * runtime/JSByteArray.h:
+        (JSC::JSByteArray::JSByteArray):
+        * runtime/JSCell.cpp:
+        (JSC::isZombie):
+        * runtime/JSCell.h:
+        (JSC::JSCell::JSCell::JSCell):
+        (JSC::JSCell::JSCell::addressOfStructure):
+        (JSC::JSCell::JSCell::structure):
+        (JSC::JSCell::JSCell::markChildren):
+        (JSC::JSCell::JSValue::isZombie):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::createStructure):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::storeVPtrs):
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::clearBuiltinStructures):
+        (JSC::JSGlobalData::createLeaked):
+        * runtime/JSGlobalData.h:
+        (JSC::allocateGlobalHandle):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::markChildren):
+        (JSC::JSGlobalObject::copyGlobalsFrom):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObject):
+        (JSC::JSGlobalObject::createStructure):
+        (JSC::Structure::prototypeChain):
+        (JSC::Structure::isValid):
+        (JSC::constructEmptyArray):
+        * runtime/JSNotAnObject.h:
+        (JSC::JSNotAnObject::JSNotAnObject):
+        (JSC::JSNotAnObject::createStructure):
+        * runtime/JSONObject.cpp:
+        (JSC::JSONObject::JSONObject):
+        * runtime/JSONObject.h:
+        (JSC::JSONObject::createStructure):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        (JSC::JSObject::seal):
+        (JSC::JSObject::freeze):
+        (JSC::JSObject::preventExtensions):
+        (JSC::JSObject::removeDirect):
+        (JSC::JSObject::createInheritorID):
+        * runtime/JSObject.h:
+        (JSC::JSObject::createStructure):
+        (JSC::JSObject::JSObject):
+        (JSC::JSNonFinalObject::createStructure):
+        (JSC::JSNonFinalObject::JSNonFinalObject):
+        (JSC::JSFinalObject::create):
+        (JSC::JSFinalObject::createStructure):
+        (JSC::JSFinalObject::JSFinalObject):
+        (JSC::constructEmptyObject):
+        (JSC::createEmptyObjectStructure):
+        (JSC::JSObject::~JSObject):
+        (JSC::JSObject::setPrototype):
+        (JSC::JSObject::setStructure):
+        (JSC::JSObject::inheritorID):
+        (JSC::JSObject::putDirectInternal):
+        (JSC::JSObject::transitionTo):
+        (JSC::JSObject::markChildrenDirect):
+        * runtime/JSObjectWithGlobalObject.cpp:
+        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+        * runtime/JSObjectWithGlobalObject.h:
+        (JSC::JSObjectWithGlobalObject::createStructure):
+        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+        * runtime/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+        (JSC::JSPropertyNameIterator::create):
+        (JSC::JSPropertyNameIterator::get):
+        * runtime/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::createStructure):
+        (JSC::JSPropertyNameIterator::setCachedStructure):
+        (JSC::Structure::setEnumerationCache):
+        * runtime/JSStaticScopeObject.h:
+        (JSC::JSStaticScopeObject::JSStaticScopeObject):
+        (JSC::JSStaticScopeObject::createStructure):
+        * runtime/JSString.h:
+        (JSC::RopeBuilder::JSString):
+        (JSC::RopeBuilder::createStructure):
+        * runtime/JSType.h:
+        * runtime/JSTypeInfo.h:
+        (JSC::TypeInfo::TypeInfo):
+        * runtime/JSValue.h:
+        * runtime/JSVariableObject.h:
+        (JSC::JSVariableObject::createStructure):
+        (JSC::JSVariableObject::JSVariableObject):
+        (JSC::JSVariableObject::copyRegisterArray):
+        * runtime/JSWrapperObject.h:
+        (JSC::JSWrapperObject::createStructure):
+        (JSC::JSWrapperObject::JSWrapperObject):
+        * runtime/JSZombie.cpp:
+        * runtime/JSZombie.h:
+        (JSC::JSZombie::JSZombie):
+        (JSC::JSZombie::createStructure):
+        * runtime/MathObject.cpp:
+        (JSC::MathObject::MathObject):
+        * runtime/MathObject.h:
+        (JSC::MathObject::createStructure):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::NativeErrorConstructor::NativeErrorConstructor):
+        (JSC::NativeErrorConstructor::markChildren):
+        (JSC::constructWithNativeErrorConstructor):
+        * runtime/NativeErrorConstructor.h:
+        (JSC::NativeErrorConstructor::createStructure):
+        * runtime/NativeErrorPrototype.cpp:
+        (JSC::NativeErrorPrototype::NativeErrorPrototype):
+        * runtime/NativeErrorPrototype.h:
+        * runtime/NumberConstructor.cpp:
+        (JSC::NumberConstructor::NumberConstructor):
+        * runtime/NumberConstructor.h:
+        (JSC::NumberConstructor::createStructure):
+        * runtime/NumberObject.cpp:
+        (JSC::NumberObject::NumberObject):
+        * runtime/NumberObject.h:
+        (JSC::NumberObject::createStructure):
+        * runtime/NumberPrototype.cpp:
+        (JSC::NumberPrototype::NumberPrototype):
+        * runtime/NumberPrototype.h:
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        * runtime/ObjectConstructor.h:
+        (JSC::ObjectConstructor::createStructure):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::ObjectPrototype):
+        * runtime/ObjectPrototype.h:
+        * runtime/PropertyMapHashTable.h:
+        (JSC::PropertyTable::PropertyTable):
+        * runtime/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::RegExpConstructor):
+        (JSC::RegExpMatchesArray::RegExpMatchesArray):
+        * runtime/RegExpConstructor.h:
+        (JSC::RegExpConstructor::createStructure):
+        * runtime/RegExpObject.cpp:
+        (JSC::RegExpObject::RegExpObject):
+        * runtime/RegExpObject.h:
+        (JSC::RegExpObject::createStructure):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::RegExpPrototype::RegExpPrototype):
+        * runtime/RegExpPrototype.h:
+        * runtime/ScopeChain.h:
+        (JSC::ScopeChainNode::ScopeChainNode):
+        (JSC::ScopeChainNode::createStructure):
+        * runtime/StrictEvalActivation.cpp:
+        (JSC::StrictEvalActivation::StrictEvalActivation):
+        * runtime/StringConstructor.cpp:
+        (JSC::StringConstructor::StringConstructor):
+        * runtime/StringConstructor.h:
+        * runtime/StringObject.cpp:
+        (JSC::StringObject::StringObject):
+        * runtime/StringObject.h:
+        (JSC::StringObject::createStructure):
+        * runtime/StringObjectThatMasqueradesAsUndefined.h:
+        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+        * runtime/StringPrototype.cpp:
+        (JSC::StringPrototype::StringPrototype):
+        * runtime/StringPrototype.h:
+        (JSC::StringPrototype::createStructure):
+        * runtime/Structure.cpp:
+        (JSC::StructureTransitionTable::remove):
+        (JSC::StructureTransitionTable::add):
+        (JSC::Structure::Structure):
+        (JSC::Structure::~Structure):
+        (JSC::Structure::materializePropertyMap):
+        (JSC::Structure::addPropertyTransitionToExistingStructure):
+        (JSC::Structure::addPropertyTransition):
+        (JSC::Structure::removePropertyTransition):
+        (JSC::Structure::changePrototypeTransition):
+        (JSC::Structure::despecifyFunctionTransition):
+        (JSC::Structure::getterSetterTransition):
+        (JSC::Structure::toDictionaryTransition):
+        (JSC::Structure::toCacheableDictionaryTransition):
+        (JSC::Structure::toUncacheableDictionaryTransition):
+        (JSC::Structure::sealTransition):
+        (JSC::Structure::freezeTransition):
+        (JSC::Structure::preventExtensionsTransition):
+        (JSC::Structure::flattenDictionaryStructure):
+        (JSC::Structure::copyPropertyTable):
+        (JSC::Structure::put):
+        (JSC::Structure::markChildren):
+        * runtime/Structure.h:
+        (JSC::Structure::create):
+        (JSC::Structure::setPrototypeWithoutTransition):
+        (JSC::Structure::createStructure):
+        (JSC::JSCell::createDummyStructure):
+        (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer):
+        * runtime/StructureChain.cpp:
+        (JSC::StructureChain::StructureChain):
+        (JSC::StructureChain::markChildren):
+        * runtime/StructureChain.h:
+        (JSC::StructureChain::create):
+        (JSC::StructureChain::head):
+        (JSC::StructureChain::createStructure):
+        * runtime/StructureTransitionTable.h:
+        (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor):
+        (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer):
+        (JSC::StructureTransitionTable::~StructureTransitionTable):
+        (JSC::StructureTransitionTable::slot):
+        (JSC::StructureTransitionTable::setMap):
+        (JSC::StructureTransitionTable::singleTransition):
+        (JSC::StructureTransitionTable::clearSingleTransition):
+        (JSC::StructureTransitionTable::setSingleTransition):
+        * runtime/WeakGCMap.h:
+        (JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor):
+        (JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer):
+        (JSC::WeakGCMap::contains):
+        (JSC::WeakGCMap::find):
+        (JSC::WeakGCMap::remove):
+        (JSC::WeakGCMap::add):
+        (JSC::WeakGCMap::set):
+        (JSC::WeakGCMap::finalize):
+        * runtime/WriteBarrier.h:
+        (JSC::writeBarrier):
+        (JSC::WriteBarrierBase::set):
+        (JSC::WriteBarrierBase::operator*):
+        (JSC::WriteBarrierBase::operator->):
+        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+
 2011-04-15  Fridrich Strba  <fridrich.strba@bluewin.ch>
 
         Reviewed by Gavin Barraclough.
index 2f1166c..f9eee85 100644 (file)
@@ -1 +1 @@
-__ZN3JSC10JSFunctionC1EPNS_9ExecStateEPNS_14JSGlobalObjectEN3WTF17NonNullPassRefPtrINS_9StructureEEEiRKNS_10IdentifierEPFxS2_E
+__ZN3JSC10JSFunctionC1EPNS_9ExecStateEPNS_14JSGlobalObjectEPNS_9StructureEiRKNS_10IdentifierEPFxS2_E
index c693322..eaa9f51 100644 (file)
@@ -1 +1 @@
-__ZN3JSC10JSFunctionC1EPNS_9ExecStateEPNS_14JSGlobalObjectEN3WTF17NonNullPassRefPtrINS_9StructureEEEiRKNS_10IdentifierEPFPvS2_E
+__ZN3JSC10JSFunctionC1EPNS_9ExecStateEPNS_14JSGlobalObjectEPNS_9StructureEiRKNS_10IdentifierEPFPvS2_E
index a643b10..1b00c66 100644 (file)
@@ -114,14 +114,14 @@ __ZN3JSC10throwErrorEPNS_9ExecStateENS_7JSValueE
 __ZN3JSC10throwErrorEPNS_9ExecStateEPNS_8JSObjectE
 __ZN3JSC11JSByteArray13s_defaultInfoE
 __ZN3JSC11JSByteArray15createStructureERNS_12JSGlobalDataENS_7JSValueEPKNS_9ClassInfoE
-__ZN3JSC11JSByteArrayC1EPNS_9ExecStateEN3WTF17NonNullPassRefPtrINS_9StructureEEEPNS3_9ByteArrayE
+__ZN3JSC11JSByteArrayC1EPNS_9ExecStateEPNS_9StructureEPN3WTF9ByteArrayE
 __ZN3JSC11MarkedSpace21allocateFromSizeClassERNS0_9SizeClassE
 __ZN3JSC11ParserArena5resetEv
 __ZN3JSC11checkSyntaxEPNS_9ExecStateERKNS_10SourceCodeE
 __ZN3JSC11createErrorEPNS_9ExecStateERKNS_7UStringE
 __ZN3JSC11regExpFlagsERKNS_7UStringE
 __ZN3JSC12DateInstance6s_infoE
-__ZN3JSC12DateInstanceC1EPNS_9ExecStateEN3WTF17NonNullPassRefPtrINS_9StructureEEEd
+__ZN3JSC12DateInstanceC1EPNS_9ExecStateEPNS_9StructureEd
 __ZN3JSC12JSGlobalData10ClientDataD2Ev
 __ZN3JSC12JSGlobalData11jsArrayVPtrE
 __ZN3JSC12JSGlobalData12createLeakedENS_15ThreadStackTypeE
@@ -132,10 +132,11 @@ __ZN3JSC12JSGlobalData14dumpSampleDataEPNS_9ExecStateE
 __ZN3JSC12JSGlobalData14resetDateCacheEv
 __ZN3JSC12JSGlobalData14sharedInstanceEv
 __ZN3JSC12JSGlobalData15dumpRegExpTraceEv
+__ZN3JSC12JSGlobalData22clearBuiltinStructuresEv
 __ZN3JSC12JSGlobalData6createENS_15ThreadStackTypeE
 __ZN3JSC12JSGlobalDataD1Ev
 __ZN3JSC12RegExpObject6s_infoE
-__ZN3JSC12RegExpObjectC1EPNS_14JSGlobalObjectEN3WTF17NonNullPassRefPtrINS_9StructureEEENS4_INS_6RegExpEEE
+__ZN3JSC12RegExpObjectC1EPNS_14JSGlobalObjectEPNS_9StructureEN3WTF17NonNullPassRefPtrINS_6RegExpEEE
 __ZN3JSC12SamplingTool5setupEv
 __ZN3JSC12SmallStrings17createEmptyStringEPNS_12JSGlobalDataE
 __ZN3JSC12SmallStrings27createSingleCharacterStringEPNS_12JSGlobalDataEh
@@ -146,7 +147,7 @@ __ZN3JSC12StringObject19getOwnPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArr
 __ZN3JSC12StringObject24getOwnPropertyDescriptorEPNS_9ExecStateERKNS_10IdentifierERNS_18PropertyDescriptorE
 __ZN3JSC12StringObject3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
 __ZN3JSC12StringObject6s_infoE
-__ZN3JSC12StringObjectC2EPNS_9ExecStateEN3WTF17NonNullPassRefPtrINS_9StructureEEERKNS_7UStringE
+__ZN3JSC12StringObjectC2EPNS_9ExecStateEPNS_9StructureERKNS_7UStringE
 __ZN3JSC12nonInlineNaNEv
 __ZN3JSC13SamplingFlags4stopEv
 __ZN3JSC13SamplingFlags5startEv
@@ -175,7 +176,7 @@ __ZN3JSC15createTypeErrorEPNS_9ExecStateERKNS_7UStringE
 __ZN3JSC16InternalFunction12vtableAnchorEv
 __ZN3JSC16InternalFunction4nameEPNS_9ExecStateE
 __ZN3JSC16InternalFunction6s_infoE
-__ZN3JSC16InternalFunctionC2EPNS_12JSGlobalDataEPNS_14JSGlobalObjectEN3WTF17NonNullPassRefPtrINS_9StructureEEERKNS_10IdentifierE
+__ZN3JSC16InternalFunctionC2EPNS_12JSGlobalDataEPNS_14JSGlobalObjectEPNS_9StructureERKNS_10IdentifierE
 __ZN3JSC16JSVariableObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
 __ZN3JSC16JSVariableObject14symbolTableGetERKNS_10IdentifierERNS_18PropertyDescriptorE
 __ZN3JSC16JSVariableObject19getOwnPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayENS_15EnumerationModeE
@@ -206,7 +207,8 @@ __ZN3JSC23AbstractSamplingCounter4dumpEv
 __ZN3JSC23objectProtoFuncToStringEPNS_9ExecStateE
 __ZN3JSC23setUpStaticFunctionSlotEPNS_9ExecStateEPKNS_9HashEntryEPNS_8JSObjectERKNS_10IdentifierERNS_12PropertySlotE
 __ZN3JSC24DynamicGlobalObjectScopeC1ERNS_12JSGlobalDataEPNS_14JSGlobalObjectE
-__ZN3JSC24JSObjectWithGlobalObjectC2EPNS_14JSGlobalObjectEN3WTF17NonNullPassRefPtrINS_9StructureEEE
+__ZN3JSC24JSObjectWithGlobalObjectC2EPNS_14JSGlobalObjectEPNS_9StructureE
+__ZN3JSC24JSObjectWithGlobalObjectC2ERNS_12JSGlobalDataEPNS_14JSGlobalObjectEPNS_9StructureE
 __ZN3JSC24createStackOverflowErrorEPNS_9ExecStateE
 __ZN3JSC25evaluateInGlobalCallFrameERKNS_7UStringERNS_7JSValueEPNS_14JSGlobalObjectE
 __ZN3JSC35createInterruptedExecutionExceptionEPNS_12JSGlobalDataE
@@ -255,9 +257,9 @@ __ZN3JSC7JSArray15setSubclassDataEPv
 __ZN3JSC7JSArray18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
 __ZN3JSC7JSArray6s_infoE
 __ZN3JSC7JSArray9setLengthEj
-__ZN3JSC7JSArrayC1EN3WTF17NonNullPassRefPtrINS_9StructureEEE
-__ZN3JSC7JSArrayC1ERNS_12JSGlobalDataEN3WTF17NonNullPassRefPtrINS_9StructureEEERKNS_7ArgListE
-__ZN3JSC7JSArrayC2EN3WTF17NonNullPassRefPtrINS_9StructureEEE
+__ZN3JSC7JSArrayC1ERNS_12JSGlobalDataEPNS_9StructureE
+__ZN3JSC7JSArrayC1ERNS_12JSGlobalDataEPNS_9StructureERKNS_7ArgListE
+__ZN3JSC7JSArrayC2ERNS_12JSGlobalDataEPNS_9StructureE
 __ZN3JSC7JSArrayD2Ev
 __ZN3JSC7JSValue13isValidCalleeEv
 __ZN3JSC7Profile10restoreAllEv
@@ -310,12 +312,11 @@ __ZN3JSC8Profiler13stopProfilingEPNS_9ExecStateERKNS_7UStringE
 __ZN3JSC8Profiler14startProfilingEPNS_9ExecStateERKNS_7UStringE
 __ZN3JSC8Profiler8profilerEv
 __ZN3JSC8evaluateEPNS_9ExecStateEPNS_14ScopeChainNodeERKNS_10SourceCodeENS_7JSValueE
+__ZN3JSC8isZombieEPKNS_6JSCellE
 __ZN3JSC9CodeBlockD1Ev
 __ZN3JSC9CodeBlockD2Ev
 __ZN3JSC9MarkStack10s_pageSizeE
 __ZN3JSC9MarkStack18initializePagesizeEv
-__ZN3JSC9Structure17stopIgnoringLeaksEv
-__ZN3JSC9Structure18startIgnoringLeaksEv
 __ZN3JSC9Structure21addPropertyTransitionERNS_12JSGlobalDataEPS0_RKNS_10IdentifierEjPNS_6JSCellERm
 __ZN3JSC9Structure22materializePropertyMapERNS_12JSGlobalDataE
 __ZN3JSC9Structure25changePrototypeTransitionERNS_12JSGlobalDataEPS0_NS_7JSValueE
@@ -324,7 +325,7 @@ __ZN3JSC9Structure27despecifyFunctionTransitionERNS_12JSGlobalDataEPS0_RKNS_10Id
 __ZN3JSC9Structure28addPropertyWithoutTransitionERNS_12JSGlobalDataERKNS_10IdentifierEjPNS_6JSCellE
 __ZN3JSC9Structure3getERNS_12JSGlobalDataEPN3WTF10StringImplERjRPNS_6JSCellE
 __ZN3JSC9Structure40addPropertyTransitionToExistingStructureEPS0_RKNS_10IdentifierEjPNS_6JSCellERm
-__ZN3JSC9StructureC1ENS_7JSValueERKNS_8TypeInfoEjPKNS_9ClassInfoE
+__ZN3JSC9StructureC1ERNS_12JSGlobalDataENS_7JSValueERKNS_8TypeInfoEjPKNS_9ClassInfoE
 __ZN3JSC9StructureD1Ev
 __ZN3JSC9constructEPNS_9ExecStateENS_7JSValueENS_13ConstructTypeERKNS_13ConstructDataERKNS_7ArgListE
 __ZN3JSCeqERKNS_7UStringEPKc
index 46fbb97..0fa73f1 100644 (file)
@@ -3,24 +3,25 @@ EXPORTS
     ??0CString@WTF@@QAE@PBD@Z
     ??0CString@WTF@@QAE@PBDI@Z
     ??0Collator@WTF@@QAE@PBD@Z
-    ??0DateInstance@JSC@@QAE@PAVExecState@1@V?$NonNullPassRefPtr@VStructure@JSC@@@WTF@@N@Z
+    ??0DateInstance@JSC@@QAE@PAVExecState@1@PAVStructure@1@N@Z
     ??0DefaultGCActivityCallback@JSC@@QAE@PAVHeap@1@@Z
     ??0DropAllLocks@JSLock@JSC@@QAE@W4JSLockBehavior@2@@Z
-    ??0DynamicGlobalObjectScope@JSC@@QAE@AAVJSGlobalData@1@PAVJSGlobalObject@1@@Z
-    ??0InternalFunction@JSC@@IAE@PAVJSGlobalData@1@PAVJSGlobalObject@1@V?$NonNullPassRefPtr@VStructure@JSC@@@WTF@@ABVIdentifier@1@@Z
-    ??0JSArray@JSC@@QAE@AAVJSGlobalData@1@V?$NonNullPassRefPtr@VStructure@JSC@@@WTF@@ABVArgList@1@@Z  
-    ??0JSArray@JSC@@QAE@V?$NonNullPassRefPtr@VStructure@JSC@@@WTF@@@Z
-    ??0JSByteArray@JSC@@QAE@PAVExecState@1@V?$NonNullPassRefPtr@VStructure@JSC@@@WTF@@PAVByteArray@4@@Z
-    ??0JSFunction@JSC@@QAE@PAVExecState@1@PAVJSGlobalObject@1@V?$NonNullPassRefPtr@VStructure@JSC@@@WTF@@HABVIdentifier@1@P6I_J0@Z@Z
+    ??0DynamicGlobalObjectScope@JSC@@QAE@AAVJSGlobalData@1@PAVJSGlobalObject@1@@Z  
+    ??0InternalFunction@JSC@@IAE@PAVJSGlobalData@1@PAVJSGlobalObject@1@PAVStructure@1@ABVIdentifier@1@@Z
+    ??0JSArray@JSC@@QAE@AAVJSGlobalData@1@PAVStructure@1@@Z
+    ??0JSArray@JSC@@QAE@AAVJSGlobalData@1@PAVStructure@1@ABVArgList@1@@Z
+    ??0JSByteArray@JSC@@QAE@PAVExecState@1@PAVStructure@1@PAVByteArray@WTF@@@Z
+    ??0JSFunction@JSC@@QAE@PAVExecState@1@PAVJSGlobalObject@1@PAVStructure@1@HABVIdentifier@1@P6I_J0@Z@Z
     ??0JSLock@JSC@@QAE@PAVExecState@1@@Z
-    ??0JSObjectWithGlobalObject@JSC@@IAE@PAVJSGlobalObject@1@V?$NonNullPassRefPtr@VStructure@JSC@@@WTF@@@Z
+    ??0JSObjectWithGlobalObject@JSC@@IAE@AAVJSGlobalData@1@PAVJSGlobalObject@1@PAVStructure@1@@Z
+    ??0JSObjectWithGlobalObject@JSC@@IAE@PAVJSGlobalObject@1@PAVStructure@1@@Z
     ??0MD5@WTF@@QAE@XZ
     ??0Mutex@WTF@@QAE@XZ
     ??0RefCountedLeakCounter@WTF@@QAE@PBD@Z
-    ??0RegExpObject@JSC@@QAE@PAVJSGlobalObject@1@V?$NonNullPassRefPtr@VStructure@JSC@@@WTF@@V?$NonNullPassRefPtr@VRegExp@JSC@@@4@@Z
+    ??0RegExpObject@JSC@@QAE@PAVJSGlobalObject@1@PAVStructure@1@V?$NonNullPassRefPtr@VRegExp@JSC@@@WTF@@@Z
     ??0SHA1@WTF@@QAE@XZ
-    ??0StringObject@JSC@@QAE@PAVExecState@1@V?$NonNullPassRefPtr@VStructure@JSC@@@WTF@@ABVUString@1@@Z
-    ??0Structure@JSC@@AAE@VJSValue@1@ABVTypeInfo@1@IPBUClassInfo@1@@Z
+    ??0StringObject@JSC@@QAE@PAVExecState@1@PAVStructure@1@ABVUString@1@@Z
+    ??0Structure@JSC@@AAE@AAVJSGlobalData@1@VJSValue@1@ABVTypeInfo@1@IPBUClassInfo@1@@Z
     ??0ThreadCondition@WTF@@QAE@XZ
     ??0UString@JSC@@QAE@PBD@Z
     ??0UString@JSC@@QAE@PBDI@Z
@@ -37,7 +38,6 @@ EXPORTS
     ??1RefCountedLeakCounter@WTF@@QAE@XZ
     ??1RegExp@JSC@@QAE@XZ
     ??1SourceProviderCache@JSC@@QAE@XZ
-    ??1Structure@JSC@@QAE@XZ
     ??1ThreadCondition@WTF@@QAE@XZ
     ??1WTFThreadData@WTF@@QAE@XZ
     ??1WeakHandleOwner@JSC@@UAE@XZ
@@ -52,8 +52,8 @@ EXPORTS
     ?addBytes@MD5@WTF@@QAEXPBEI@Z
     ?addBytes@SHA1@WTF@@QAEXPBEI@Z
     ?addCurrentThread@MachineThreads@JSC@@QAEXXZ
-    ?addPropertyTransition@Structure@JSC@@SA?AV?$PassRefPtr@VStructure@JSC@@@WTF@@AAVJSGlobalData@2@PAV12@ABVIdentifier@2@IPAVJSCell@2@AAI@Z
-    ?addPropertyTransitionToExistingStructure@Structure@JSC@@SA?AV?$PassRefPtr@VStructure@JSC@@@WTF@@PAV12@ABVIdentifier@2@IPAVJSCell@2@AAI@Z
+    ?addPropertyTransition@Structure@JSC@@SAPAV12@AAVJSGlobalData@2@PAV12@ABVIdentifier@2@IPAVJSCell@2@AAI@Z
+    ?addPropertyTransitionToExistingStructure@Structure@JSC@@SAPAV12@PAV12@ABVIdentifier@2@IPAVJSCell@2@AAI@Z
     ?addPropertyWithoutTransition@Structure@JSC@@QAEIAAVJSGlobalData@2@ABVIdentifier@2@IPAVJSCell@2@@Z
     ?addSlowCase@Identifier@JSC@@CA?AV?$PassRefPtr@VStringImpl@WTF@@@WTF@@PAVExecState@2@PAVStringImpl@4@@Z
     ?allocate@Heap@JSC@@QAEPAXI@Z
@@ -78,13 +78,14 @@ EXPORTS
     ?callOnMainThreadAndWait@WTF@@YAXP6AXPAX@Z0@Z
     ?cancelCallOnMainThread@WTF@@YAXP6AXPAX@Z0@Z
     ?capacity@Heap@JSC@@QBEIXZ
-    ?changePrototypeTransition@Structure@JSC@@SA?AV?$PassRefPtr@VStructure@JSC@@@WTF@@AAVJSGlobalData@2@PAV12@VJSValue@2@@Z
+    ?changePrototypeTransition@Structure@JSC@@SAPAV12@AAVJSGlobalData@2@PAV12@VJSValue@2@@Z
     ?checkCurrentIdentifierTable@Identifier@JSC@@CAXPAVExecState@2@@Z
     ?checkCurrentIdentifierTable@Identifier@JSC@@CAXPAVJSGlobalData@2@@Z
     ?checkSyntax@JSC@@YA?AVCompletion@1@PAVExecState@1@ABVSourceCode@1@@Z
     ?checksum@MD5@WTF@@QAEXAAV?$Vector@E$0BA@@2@@Z
     ?className@JSObject@JSC@@UBE?AVUString@2@XZ
     ?clear@SourceProviderCache@JSC@@QAEXXZ
+    ?clearBuiltinStructures@JSGlobalData@JSC@@QAEXXZ
     ?collate@Collator@WTF@@QBE?AW4Result@12@PB_WI0I@Z
     ?collectAllGarbage@Heap@JSC@@QAEXXZ
     ?computeHash@SHA1@WTF@@QAEXAAV?$Vector@E$0BE@@2@@Z
@@ -108,7 +109,7 @@ EXPORTS
     ?createReferenceError@JSC@@YAPAVJSObject@1@PAVExecState@1@ABVUString@1@@Z
     ?createSingleCharacterString@SmallStrings@JSC@@AAEXPAVJSGlobalData@2@E@Z
     ?createStackOverflowError@JSC@@YAPAVJSObject@1@PAVExecState@1@@Z
-    ?createStructure@JSByteArray@JSC@@SA?AV?$PassRefPtr@VStructure@JSC@@@WTF@@AAVJSGlobalData@2@VJSValue@2@PBUClassInfo@2@@Z
+    ?createStructure@JSByteArray@JSC@@SAPAVStructure@2@AAVJSGlobalData@2@VJSValue@2@PBUClassInfo@2@@Z
     ?createSyntaxError@JSC@@YAPAVJSObject@1@PAVExecState@1@ABVUString@1@@Z
     ?createTable@HashTable@JSC@@ABEXPAVJSGlobalData@2@@Z
     ?createThread@WTF@@YAIP6APAXPAX@Z0@Z
@@ -144,7 +145,7 @@ EXPORTS
     ?deleteProperty@StringObject@JSC@@UAE_NPAVExecState@2@ABVIdentifier@2@@Z
     ?deleteTable@HashTable@JSC@@QBEXXZ
     ?despecifyDictionaryFunction@Structure@JSC@@QAEXAAVJSGlobalData@2@ABVIdentifier@2@@Z
-    ?despecifyFunctionTransition@Structure@JSC@@SA?AV?$PassRefPtr@VStructure@JSC@@@WTF@@AAVJSGlobalData@2@PAV12@ABVIdentifier@2@@Z
+    ?despecifyFunctionTransition@Structure@JSC@@SAPAV12@AAVJSGlobalData@2@PAV12@ABVIdentifier@2@@Z
     ?destroy@Heap@JSC@@QAEXXZ
     ?detach@Debugger@JSC@@UAEXPAVJSGlobalObject@2@@Z
     ?detachThread@WTF@@YAXI@Z
@@ -313,10 +314,8 @@ EXPORTS
     ?signal@ThreadCondition@WTF@@QAEXXZ
     ?size@Heap@JSC@@QBEIXZ
     ?slowAppend@MarkedArgumentBuffer@JSC@@AAEXVJSValue@2@@Z
-    ?startIgnoringLeaks@Structure@JSC@@SAXXZ
     ?startProfiling@Profiler@JSC@@QAEXPAVExecState@2@ABVUString@2@@Z
     ?startSampling@JSGlobalData@JSC@@QAEXXZ
-    ?stopIgnoringLeaks@Structure@JSC@@SAXXZ
     ?stopProfiling@Profiler@JSC@@QAE?AV?$PassRefPtr@VProfile@JSC@@@WTF@@PAVExecState@2@ABVUString@2@@Z
     ?stopSampling@JSGlobalData@JSC@@QAEXXZ
     ?strtod@WTF@@YANPBDPAPAD@Z
index b20ca44..0e648ba 100644 (file)
@@ -1390,31 +1390,9 @@ CodeBlock::CodeBlock(ScriptExecutable* ownerExecutable, CodeType codeType, JSGlo
 
 CodeBlock::~CodeBlock()
 {
-#if ENABLE(INTERPRETER)
-    for (size_t size = m_globalResolveInstructions.size(), i = 0; i < size; ++i)
-        derefStructures(&m_instructions[m_globalResolveInstructions[i]]);
-
-    for (size_t size = m_propertyAccessInstructions.size(), i = 0; i < size; ++i)
-        derefStructures(&m_instructions[m_propertyAccessInstructions[i]]);
-#endif
 #if ENABLE(JIT)
-    for (size_t size = m_globalResolveInfos.size(), i = 0; i < size; ++i) {
-        if (m_globalResolveInfos[i].structure)
-            m_globalResolveInfos[i].structure->deref();
-    }
-
     for (size_t size = m_structureStubInfos.size(), i = 0; i < size; ++i)
         m_structureStubInfos[i].deref();
-
-    for (size_t size = m_methodCallLinkInfos.size(), i = 0; i < size; ++i) {
-        if (Structure* structure = m_methodCallLinkInfos[i].cachedStructure) {
-            structure->deref();
-            // Both members must be filled at the same time
-            ASSERT(!!m_methodCallLinkInfos[i].cachedPrototypeStructure);
-            m_methodCallLinkInfos[i].cachedPrototypeStructure->deref();
-        }
-    }
-
 #endif // ENABLE(JIT)
 
 #if DUMP_CODE_BLOCK_STATISTICS
@@ -1422,35 +1400,37 @@ CodeBlock::~CodeBlock()
 #endif
 }
 
-void CodeBlock::derefStructures(Instruction* vPC) const
+void CodeBlock::markStructures(MarkStack& markStack, Instruction* vPC) const
 {
     Interpreter* interpreter = m_globalData->interpreter;
 
     if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_self) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_getter_self) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_custom_self)) {
-        vPC[4].u.structure->deref();
+        markStack.append(&vPC[4].u.structure);
         return;
     }
     if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_proto) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_getter_proto) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_custom_proto)) {
-        vPC[4].u.structure->deref();
-        vPC[5].u.structure->deref();
+        markStack.append(&vPC[4].u.structure);
+        markStack.append(&vPC[5].u.structure);
         return;
     }
     if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_chain) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_getter_chain) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_custom_chain)) {
-        vPC[4].u.structure->deref();
+        markStack.append(&vPC[4].u.structure);
+        markStack.append(&vPC[5].u.structureChain);
         return;
     }
     if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_transition)) {
-        vPC[4].u.structure->deref();
-        vPC[5].u.structure->deref();
+        markStack.append(&vPC[4].u.structure);
+        markStack.append(&vPC[5].u.structure);
+        markStack.append(&vPC[6].u.structureChain);
         return;
     }
     if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_replace)) {
-        vPC[4].u.structure->deref();
+        markStack.append(&vPC[4].u.structure);
         return;
     }
     if (vPC[0].u.opcode == interpreter->getOpcode(op_resolve_global) || vPC[0].u.opcode == interpreter->getOpcode(op_resolve_global_dynamic)) {
         if (vPC[3].u.structure)
-            vPC[3].u.structure->deref();
+            markStack.append(&vPC[3].u.structure);
         return;
     }
     if ((vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_proto_list))
@@ -1460,7 +1440,7 @@ void CodeBlock::derefStructures(Instruction* vPC) const
         || (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_custom_proto_list))
         || (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_custom_self_list))) {
         PolymorphicAccessStructureList* polymorphicStructures = vPC[4].u.polymorphicStructures;
-        polymorphicStructures->derefStructures(vPC[5].u.operand);
+        polymorphicStructures->markAggregate(markStack, vPC[5].u.operand);
         delete polymorphicStructures;
         return;
     }
@@ -1469,37 +1449,6 @@ void CodeBlock::derefStructures(Instruction* vPC) const
     ASSERT(vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id) || vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_generic) || vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_generic) || vPC[0].u.opcode == interpreter->getOpcode(op_get_array_length) || vPC[0].u.opcode == interpreter->getOpcode(op_get_string_length));
 }
 
-void CodeBlock::refStructures(Instruction* vPC) const
-{
-    Interpreter* interpreter = m_globalData->interpreter;
-
-    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_self) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_getter_self) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_custom_self)) {
-        vPC[4].u.structure->ref();
-        return;
-    }
-    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_proto) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_getter_proto) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_custom_proto)) {
-        vPC[4].u.structure->ref();
-        vPC[5].u.structure->ref();
-        return;
-    }
-    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_chain) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_getter_chain) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_custom_chain)) {
-        vPC[4].u.structure->ref();
-        return;
-    }
-    if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_transition)) {
-        vPC[4].u.structure->ref();
-        vPC[5].u.structure->ref();
-        return;
-    }
-    if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_replace)) {
-        vPC[4].u.structure->ref();
-        return;
-    }
-    
-    // These instructions don't ref their Structures.
-    ASSERT(vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id) || vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_generic) || vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_generic));
-}
-
 void EvalCodeCache::markAggregate(MarkStack& markStack)
 {
     EvalCacheMap::iterator end = m_cacheMap.end();
@@ -1524,30 +1473,24 @@ void CodeBlock::markAggregate(MarkStack& markStack)
             markStack.append(&callLinkInfo(i).callee);
 #endif
 #if ENABLE(INTERPRETER)
-    Interpreter* interpreter = m_globalData->interpreter;
-    for (size_t size = m_propertyAccessInstructions.size(), i = 0; i < size; ++i) {
-        Instruction* vPC = &m_instructions[m_propertyAccessInstructions[i]];
-        if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_chain) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_getter_chain) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_custom_chain))
-            markStack.append(&vPC[5].u.structureChain);
-        else if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_transition))
-            markStack.append(&vPC[6].u.structureChain);
-    }
+    for (size_t size = m_propertyAccessInstructions.size(), i = 0; i < size; ++i)
+        markStructures(markStack, &m_instructions[m_propertyAccessInstructions[i]]);
 #endif
 #if ENABLE(JIT)
     for (size_t size = m_globalResolveInfos.size(), i = 0; i < size; ++i) {
-        if (Structure* structure = m_globalResolveInfos[i].structure)
-            structure->markAggregate(markStack);
+        if (m_globalResolveInfos[i].structure)
+            markStack.append(&m_globalResolveInfos[i].structure);
     }
 
     for (size_t size = m_structureStubInfos.size(), i = 0; i < size; ++i)
         m_structureStubInfos[i].markAggregate(markStack);
 
     for (size_t size = m_methodCallLinkInfos.size(), i = 0; i < size; ++i) {
-        if (Structure* structure = m_methodCallLinkInfos[i].cachedStructure) {
+        if (m_methodCallLinkInfos[i].cachedStructure) {
             // Both members must be filled at the same time
-            structure->markAggregate(markStack);
+            markStack.append(&m_methodCallLinkInfos[i].cachedStructure);
             ASSERT(!!m_methodCallLinkInfos[i].cachedPrototypeStructure);
-            m_methodCallLinkInfos[i].cachedPrototypeStructure->markAggregate(markStack);
+            markStack.append(&m_methodCallLinkInfos[i].cachedPrototypeStructure);
         }
     }
 #endif
index 25e65f4..af68eb5 100644 (file)
@@ -122,8 +122,6 @@ namespace JSC {
 
     struct MethodCallLinkInfo {
         MethodCallLinkInfo()
-            : cachedStructure(0)
-            , cachedPrototypeStructure(0)
         {
         }
 
@@ -142,24 +140,23 @@ namespace JSC {
             //     - Once this transition has been taken once, cachedStructure is
             //       null and cachedPrototypeStructure is set to a nun-null value.
             //     - Once the call is linked both structures are set to non-null values.
-            cachedPrototypeStructure = (Structure*)1;
+            cachedPrototypeStructure.setWithoutWriteBarrier((Structure*)1);
         }
 
         CodeLocationCall callReturnLocation;
         CodeLocationDataLabelPtr structureLabel;
-        Structure* cachedStructure;
-        Structure* cachedPrototypeStructure;
+        WriteBarrier<Structure> cachedStructure;
+        WriteBarrier<Structure> cachedPrototypeStructure;
     };
 
     struct GlobalResolveInfo {
         GlobalResolveInfo(unsigned bytecodeOffset)
-            : structure(0)
-            , offset(0)
+            : offset(0)
             , bytecodeOffset(bytecodeOffset)
         {
         }
 
-        Structure* structure;
+        WriteBarrier<Structure> structure;
         unsigned offset;
         unsigned bytecodeOffset;
     };
@@ -215,8 +212,6 @@ namespace JSC {
         virtual ~CodeBlock();
 
         void markAggregate(MarkStack&);
-        void refStructures(Instruction* vPC) const;
-        void derefStructures(Instruction* vPC) const;
 
         static void dumpStatistics();
 
@@ -486,6 +481,7 @@ namespace JSC {
         void printGetByIdOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op) const;
         void printPutByIdOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op) const;
 #endif
+        void markStructures(MarkStack&, Instruction* vPC) const;
 
         void createRareDataIfNecessary()
         {
index b5e5c52..d9cbb11 100644 (file)
@@ -61,45 +61,45 @@ namespace JSC {
         struct PolymorphicStubInfo {
             bool isChain;
             PolymorphicAccessStructureListStubRoutineType stubRoutine;
-            Structure* base;
+            WriteBarrier<Structure> base;
             union {
-                Structure* proto;
+                WriteBarrierBase<Structure> proto;
                 WriteBarrierBase<StructureChain> chain;
             } u;
 
-            void set(PolymorphicAccessStructureListStubRoutineType _stubRoutine, Structure* _base)
+            void set(JSGlobalData& globalData, JSCell* owner, PolymorphicAccessStructureListStubRoutineType _stubRoutine, Structure* _base)
             {
                 stubRoutine = _stubRoutine;
-                base = _base;
-                u.proto = 0;
+                base.set(globalData, owner, _base);
+                u.proto.clear();
                 isChain = false;
             }
             
-            void set(PolymorphicAccessStructureListStubRoutineType _stubRoutine, Structure* _base, Structure* _proto)
+            void set(JSGlobalData& globalData, JSCell* owner, PolymorphicAccessStructureListStubRoutineType _stubRoutine, Structure* _base, Structure* _proto)
             {
                 stubRoutine = _stubRoutine;
-                base = _base;
-                u.proto = _proto;
+                base.set(globalData, owner, _base);
+                u.proto.set(globalData, owner, _proto);
                 isChain = false;
             }
             
             void set(JSGlobalData& globalData, JSCell* owner, PolymorphicAccessStructureListStubRoutineType _stubRoutine, Structure* _base, StructureChain* _chain)
             {
                 stubRoutine = _stubRoutine;
-                base = _base;
+                base.set(globalData, owner, _base);
                 u.chain.set(globalData, owner, _chain);
                 isChain = true;
             }
         } list[POLYMORPHIC_LIST_CACHE_SIZE];
         
-        PolymorphicAccessStructureList(PolymorphicAccessStructureListStubRoutineType stubRoutine, Structure* firstBase)
+        PolymorphicAccessStructureList(JSGlobalData& globalData, JSCell* owner, PolymorphicAccessStructureListStubRoutineType stubRoutine, Structure* firstBase)
         {
-            list[0].set(stubRoutine, firstBase);
+            list[0].set(globalData, owner, stubRoutine, firstBase);
         }
 
-        PolymorphicAccessStructureList(PolymorphicAccessStructureListStubRoutineType stubRoutine, Structure* firstBase, Structure* firstProto)
+        PolymorphicAccessStructureList(JSGlobalData& globalData, JSCell* owner, PolymorphicAccessStructureListStubRoutineType stubRoutine, Structure* firstBase, Structure* firstProto)
         {
-            list[0].set(stubRoutine, firstBase, firstProto);
+            list[0].set(globalData, owner, stubRoutine, firstBase, firstProto);
         }
 
         PolymorphicAccessStructureList(JSGlobalData& globalData, JSCell* owner, PolymorphicAccessStructureListStubRoutineType stubRoutine, Structure* firstBase, StructureChain* firstChain)
@@ -107,27 +107,15 @@ namespace JSC {
             list[0].set(globalData, owner, stubRoutine, firstBase, firstChain);
         }
 
-        void derefStructures(int count)
-        {
-            for (int i = 0; i < count; ++i) {
-                PolymorphicStubInfo& info = list[i];
-
-                ASSERT(info.base);
-                info.base->deref();
-
-                if (info.u.proto) {
-                    if (!info.isChain)
-                        info.u.proto->deref();
-                }
-            }
-        }
-
         void markAggregate(MarkStack& markStack, int count)
         {
             for (int i = 0; i < count; ++i) {
                 PolymorphicStubInfo& info = list[i];
                 ASSERT(info.base);
                 
+                markStack.append(&info.base);
+                if (info.u.proto && !info.isChain)
+                    markStack.append(&info.u.proto);
                 if (info.u.chain && info.isChain)
                     markStack.append(&info.u.chain);
             }
@@ -153,7 +141,11 @@ namespace JSC {
             u.operand = operand;
         }
 
-        Instruction(Structure* structure) { u.structure = structure; }
+        Instruction(JSGlobalData& globalData, JSCell* owner, Structure* structure)
+        {
+            u.structure.clear();
+            u.structure.set(globalData, owner, structure);
+        }
         Instruction(JSGlobalData& globalData, JSCell* owner, StructureChain* structureChain)
         {
             u.structureChain.clear();
@@ -170,7 +162,7 @@ namespace JSC {
         union {
             Opcode opcode;
             int operand;
-            Structure* structure;
+            WriteBarrierBase<Structure> structure;
             WriteBarrierBase<StructureChain> structureChain;
             WriteBarrierBase<JSCell> jsCell;
             PolymorphicAccessStructureList* polymorphicStructures;
@@ -179,6 +171,7 @@ namespace JSC {
         
     private:
         Instruction(StructureChain*);
+        Instruction(Structure*);
     };
 
 } // namespace JSC
index e10dc5c..be5760a 100644 (file)
@@ -35,42 +35,28 @@ namespace JSC {
 void StructureStubInfo::deref()
 {
     switch (accessType) {
-    case access_get_by_id_self:
-        u.getByIdSelf.baseObjectStructure->deref();
-        return;
-    case access_get_by_id_proto:
-        u.getByIdProto.baseObjectStructure->deref();
-        u.getByIdProto.prototypeStructure->deref();
-        return;
-    case access_get_by_id_chain:
-        u.getByIdChain.baseObjectStructure->deref();
-        return;
     case access_get_by_id_self_list: {
         PolymorphicAccessStructureList* polymorphicStructures = u.getByIdSelfList.structureList;
-        polymorphicStructures->derefStructures(u.getByIdSelfList.listSize);
         delete polymorphicStructures;
         return;
     }
     case access_get_by_id_proto_list: {
         PolymorphicAccessStructureList* polymorphicStructures = u.getByIdProtoList.structureList;
-        polymorphicStructures->derefStructures(u.getByIdProtoList.listSize);
         delete polymorphicStructures;
         return;
     }
+    case access_get_by_id_self:
+    case access_get_by_id_proto:
+    case access_get_by_id_chain:
     case access_put_by_id_transition:
-        u.putByIdTransition.previousStructure->deref();
-        u.putByIdTransition.structure->deref();
-        return;
     case access_put_by_id_replace:
-        u.putByIdReplace.baseObjectStructure->deref();
-        return;
     case access_get_by_id:
     case access_put_by_id:
     case access_get_by_id_generic:
     case access_put_by_id_generic:
     case access_get_array_length:
     case access_get_string_length:
-        // These instructions don't ref their Structures.
+        // These instructions don't have to release any allocated memory
         return;
     default:
         ASSERT_NOT_REACHED();
@@ -81,14 +67,14 @@ void StructureStubInfo::markAggregate(MarkStack& markStack)
 {
     switch (accessType) {
     case access_get_by_id_self:
-        u.getByIdSelf.baseObjectStructure->markAggregate(markStack);
+        markStack.append(&u.getByIdSelf.baseObjectStructure);
         return;
     case access_get_by_id_proto:
-        u.getByIdProto.baseObjectStructure->markAggregate(markStack);
-        u.getByIdProto.prototypeStructure->markAggregate(markStack);
+        markStack.append(&u.getByIdProto.baseObjectStructure);
+        markStack.append(&u.getByIdProto.prototypeStructure);
         return;
     case access_get_by_id_chain:
-        u.getByIdChain.baseObjectStructure->markAggregate(markStack);
+        markStack.append(&u.getByIdChain.baseObjectStructure);
         markStack.append(&u.getByIdChain.chain);
         return;
     case access_get_by_id_self_list: {
@@ -102,12 +88,12 @@ void StructureStubInfo::markAggregate(MarkStack& markStack)
         return;
     }
     case access_put_by_id_transition:
-        u.putByIdTransition.previousStructure->markAggregate(markStack);
-        u.putByIdTransition.structure->markAggregate(markStack);
+        markStack.append(&u.putByIdTransition.previousStructure);
+        markStack.append(&u.putByIdTransition.structure);
         markStack.append(&u.putByIdTransition.chain);
         return;
     case access_put_by_id_replace:
-        u.putByIdReplace.baseObjectStructure->markAggregate(markStack);
+        markStack.append(&u.putByIdReplace.baseObjectStructure);
         return;
     case access_get_by_id:
     case access_put_by_id:
@@ -115,7 +101,7 @@ void StructureStubInfo::markAggregate(MarkStack& markStack)
     case access_put_by_id_generic:
     case access_get_array_length:
     case access_get_string_length:
-        // These instructions don't ref their Structures.
+        // These instructions don't need to mark anything
         return;
     default:
         ASSERT_NOT_REACHED();
index 6702dce..bfeeb1e 100644 (file)
@@ -58,32 +58,26 @@ namespace JSC {
         {
         }
 
-        void initGetByIdSelf(Structure* baseObjectStructure)
+        void initGetByIdSelf(JSGlobalData& globalData, JSCell* owner, Structure* baseObjectStructure)
         {
             accessType = access_get_by_id_self;
 
-            u.getByIdSelf.baseObjectStructure = baseObjectStructure;
-            baseObjectStructure->ref();
+            u.getByIdSelf.baseObjectStructure.set(globalData, owner, baseObjectStructure);
         }
 
-        void initGetByIdProto(Structure* baseObjectStructure, Structure* prototypeStructure)
+        void initGetByIdProto(JSGlobalData& globalData, JSCell* owner, Structure* baseObjectStructure, Structure* prototypeStructure)
         {
             accessType = access_get_by_id_proto;
 
-            u.getByIdProto.baseObjectStructure = baseObjectStructure;
-            baseObjectStructure->ref();
-
-            u.getByIdProto.prototypeStructure = prototypeStructure;
-            prototypeStructure->ref();
+            u.getByIdProto.baseObjectStructure.set(globalData, owner, baseObjectStructure);
+            u.getByIdProto.prototypeStructure.set(globalData, owner, prototypeStructure);
         }
 
         void initGetByIdChain(JSGlobalData& globalData, JSCell* owner, Structure* baseObjectStructure, StructureChain* chain)
         {
             accessType = access_get_by_id_chain;
 
-            u.getByIdChain.baseObjectStructure = baseObjectStructure;
-            baseObjectStructure->ref();
-
+            u.getByIdChain.baseObjectStructure.set(globalData, owner, baseObjectStructure);
             u.getByIdChain.chain.set(globalData, owner, chain);
         }
 
@@ -109,21 +103,16 @@ namespace JSC {
         {
             accessType = access_put_by_id_transition;
 
-            u.putByIdTransition.previousStructure = previousStructure;
-            previousStructure->ref();
-
-            u.putByIdTransition.structure = structure;
-            structure->ref();
-
+            u.putByIdTransition.previousStructure.set(globalData, owner, previousStructure);
+            u.putByIdTransition.structure.set(globalData, owner, structure);
             u.putByIdTransition.chain.set(globalData, owner, chain);
         }
 
-        void initPutByIdReplace(Structure* baseObjectStructure)
+        void initPutByIdReplace(JSGlobalData& globalData, JSCell* owner, Structure* baseObjectStructure)
         {
             accessType = access_put_by_id_replace;
     
-            u.putByIdReplace.baseObjectStructure = baseObjectStructure;
-            baseObjectStructure->ref();
+            u.putByIdReplace.baseObjectStructure.set(globalData, owner, baseObjectStructure);
         }
 
         void deref();
@@ -144,14 +133,14 @@ namespace JSC {
 
         union {
             struct {
-                Structure* baseObjectStructure;
+                WriteBarrierBase<Structure> baseObjectStructure;
             } getByIdSelf;
             struct {
-                Structure* baseObjectStructure;
-                Structure* prototypeStructure;
+                WriteBarrierBase<Structure> baseObjectStructure;
+                WriteBarrierBase<Structure> prototypeStructure;
             } getByIdProto;
             struct {
-                Structure* baseObjectStructure;
+                WriteBarrierBase<Structure> baseObjectStructure;
                 WriteBarrierBase<StructureChain> chain;
             } getByIdChain;
             struct {
@@ -163,12 +152,12 @@ namespace JSC {
                 int listSize;
             } getByIdProtoList;
             struct {
-                Structure* previousStructure;
-                Structure* structure;
+                WriteBarrierBase<Structure> previousStructure;
+                WriteBarrierBase<Structure> structure;
                 WriteBarrierBase<StructureChain> chain;
             } putByIdTransition;
             struct {
-                Structure* baseObjectStructure;
+                WriteBarrierBase<Structure> baseObjectStructure;
             } putByIdReplace;
         } u;
 
index 50ba746..67a796a 100644 (file)
@@ -31,7 +31,7 @@
 namespace JSC {
 
 DebuggerActivation::DebuggerActivation(JSGlobalData& globalData, JSObject* activation)
-    : JSNonFinalObject(DebuggerActivation::createStructure(globalData, jsNull()))
+    : JSNonFinalObject(globalData, DebuggerActivation::createStructure(globalData, jsNull()))
 {
     ASSERT(activation);
     ASSERT(activation->isActivationObject());
index f22d2ff..bfb36db 100644 (file)
@@ -49,7 +49,7 @@ namespace JSC {
         virtual JSValue lookupGetter(ExecState*, const Identifier& propertyName);
         virtual JSValue lookupSetter(ExecState*, const Identifier& propertyName);
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype) 
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype) 
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info); 
         }
index 4734e42..531d535 100644 (file)
@@ -44,9 +44,13 @@ template <class T> class Handle;
 // Creating a JSValue Handle is invalid
 template <> class Handle<JSValue>;
 
+// Forward declare WeakGCMap
+template<typename KeyType, typename MappedType, typename FinalizerCallback, typename HashArg, typename KeyTraitsArg> class WeakGCMap;
+
 class HandleBase {
     friend class HandleHeap;
     friend struct JSCallbackObjectData;
+    template <typename KeyType, typename MappedType, typename FinalizerCallback, typename HashArg, typename KeyTraitsArg> friend class WeakGCMap;
 
 public:
     bool operator!() const { return !m_slot || !*m_slot; }
index 5b4ac5a..3fb1a98 100644 (file)
@@ -57,7 +57,13 @@ void MarkStack::append(ConservativeRoots& conservativeRoots)
 inline void MarkStack::markChildren(JSCell* cell)
 {
     ASSERT(Heap::isMarked(cell));
+    if (cell->structure()->typeInfo().type() < CompoundType) {
+        cell->JSCell::markChildren(*this);
+        return;
+    }
+
     if (!cell->structure()->typeInfo().overridesMarkChildren()) {
+        ASSERT(cell->isObject());
 #ifdef NDEBUG
         asObject(cell)->markChildrenDirect(*this);
 #else
@@ -105,6 +111,7 @@ void MarkStack::drain()
             }
 
             if (cell->structure()->typeInfo().type() < CompoundType) {
+                cell->JSCell::markChildren(*this);
                 if (current.m_values == end) {
                     m_markSets.removeLast();
                     continue;
index 398d433..a10a778 100644 (file)
@@ -60,14 +60,12 @@ MarkedBlock::MarkedBlock(const PageAllocationAligned& allocation, JSGlobalData*
 
     Structure* dummyMarkableCellStructure = globalData->dummyMarkableCellStructure.get();
     for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell)
-        new (&atoms()[i]) JSCell(dummyMarkableCellStructure);
+        new (&atoms()[i]) JSCell(*globalData, dummyMarkableCellStructure);
 }
 
 void MarkedBlock::sweep()
 {
-#if !ENABLE(JSC_ZOMBIES)
     Structure* dummyMarkableCellStructure = m_heap->globalData()->dummyMarkableCellStructure.get();
-#endif
 
     for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell) {
         if (m_marks.get(i))
@@ -75,15 +73,15 @@ void MarkedBlock::sweep()
 
         JSCell* cell = reinterpret_cast<JSCell*>(&atoms()[i]);
 #if ENABLE(JSC_ZOMBIES)
-        if (!cell->isZombie()) {
+        if (cell->structure() && cell->structure() != dummyMarkableCellStructure && !cell->isZombie()) {
             const ClassInfo* info = cell->classInfo();
             cell->~JSCell();
-            new (cell) JSZombie(info, JSZombie::leakedZombieStructure(*m_heap->globalData()));
+            new (cell) JSZombie(*m_heap->globalData(), info, m_heap->globalData()->zombieStructure.get());
             m_marks.set(i);
         }
 #else
         cell->~JSCell();
-        new (cell) JSCell(dummyMarkableCellStructure);
+        new (cell) JSCell(*m_heap->globalData(), dummyMarkableCellStructure);
 #endif
     }
 }
index e5b47c7..9f2aa05 100644 (file)
 #include "Assertions.h"
 #include "Handle.h"
 #include "HandleHeap.h"
-#include "JSGlobalData.h"
 
 namespace JSC {
 
+class JSGlobalData;
+HandleSlot allocateGlobalHandle(JSGlobalData&);
+
 // A strongly referenced handle that prevents the object it points to from being garbage collected.
 template <typename T> class Strong : public Handle<T> {
     using Handle<T>::slot;
@@ -47,13 +49,13 @@ public:
     }
     
     Strong(JSGlobalData& globalData, ExternalType value = ExternalType())
-        : Handle<T>(globalData.allocateGlobalHandle())
+        : Handle<T>(allocateGlobalHandle(globalData))
     {
         set(value);
     }
 
     Strong(JSGlobalData& globalData, Handle<T> handle)
-        : Handle<T>(globalData.allocateGlobalHandle())
+        : Handle<T>(allocateGlobalHandle(globalData))
     {
         set(handle.get());
     }
@@ -96,7 +98,7 @@ public:
     void set(JSGlobalData& globalData, ExternalType value)
     {
         if (!slot())
-            setSlot(globalData.allocateGlobalHandle());
+            setSlot(allocateGlobalHandle(globalData));
         set(value);
     }
 
@@ -137,7 +139,6 @@ private:
     {
         ASSERT(slot());
         JSValue value = HandleTypes<T>::toJSValue(externalType);
-        ASSERT(!value || !value.isCell() || Heap::isMarked(value.asCell()));
         HandleHeap::heapFor(slot())->writeBarrier(slot(), value);
         *slot() = value;
     }
index d79c581..724f68f 100644 (file)
@@ -164,7 +164,7 @@ NEVER_INLINE bool Interpreter::resolveGlobal(CallFrame* callFrame, Instruction*
     JSGlobalObject* globalObject = codeBlock->globalObject();
     ASSERT(globalObject->isGlobalObject());
     int property = vPC[2].u.operand;
-    Structure* structure = vPC[3].u.structure;
+    Structure* structure = vPC[3].u.structure.get();
     int offset = vPC[4].u.operand;
 
     if (structure == globalObject->structure()) {
@@ -177,10 +177,7 @@ NEVER_INLINE bool Interpreter::resolveGlobal(CallFrame* callFrame, Instruction*
     if (globalObject->getPropertySlot(callFrame, ident, slot)) {
         JSValue result = slot.getValue(callFrame, ident);
         if (slot.isCacheableValue() && !globalObject->structure()->isUncacheableDictionary() && slot.slotBase() == globalObject) {
-            if (vPC[3].u.structure)
-                vPC[3].u.structure->deref();
-            globalObject->structure()->ref();
-            vPC[3] = globalObject->structure();
+            vPC[3].u.structure.set(callFrame->globalData(), codeBlock->ownerExecutable(), globalObject->structure());
             vPC[4] = slot.cachedOffset();
             callFrame->uncheckedR(dst) = JSValue(result);
             return true;
@@ -204,7 +201,7 @@ NEVER_INLINE bool Interpreter::resolveGlobalDynamic(CallFrame* callFrame, Instru
     JSGlobalObject* globalObject = codeBlock->globalObject();
     ASSERT(globalObject->isGlobalObject());
     int property = vPC[2].u.operand;
-    Structure* structure = vPC[3].u.structure;
+    Structure* structure = vPC[3].u.structure.get();
     int offset = vPC[4].u.operand;
     int skip = vPC[5].u.operand;
     
@@ -255,10 +252,7 @@ NEVER_INLINE bool Interpreter::resolveGlobalDynamic(CallFrame* callFrame, Instru
     if (globalObject->getPropertySlot(callFrame, ident, slot)) {
         JSValue result = slot.getValue(callFrame, ident);
         if (slot.isCacheableValue() && !globalObject->structure()->isUncacheableDictionary() && slot.slotBase() == globalObject) {
-            if (vPC[3].u.structure)
-                vPC[3].u.structure->deref();
-            globalObject->structure()->ref();
-            vPC[3] = globalObject->structure();
+            vPC[3].u.structure.set(callFrame->globalData(), codeBlock->ownerExecutable(), globalObject->structure());
             vPC[4] = slot.cachedOffset();
             ASSERT(result);
             callFrame->uncheckedR(dst) = JSValue(result);
@@ -1225,11 +1219,11 @@ NEVER_INLINE void Interpreter::tryCachePutByID(CallFrame* callFrame, CodeBlock*
     }
 
     // Cache miss: record Structure to compare against next time.
-    Structure* lastStructure = vPC[4].u.structure;
+    Structure* lastStructure = vPC[4].u.structure.get();
     if (structure != lastStructure) {
         // First miss: record Structure to compare against next time.
         if (!lastStructure) {
-            vPC[4] = structure;
+            vPC[4].u.structure.set(callFrame->globalData(), codeBlock->ownerExecutable(), structure);
             return;
         }
 
@@ -1255,24 +1249,23 @@ NEVER_INLINE void Interpreter::tryCachePutByID(CallFrame* callFrame, CodeBlock*
 
         // put_by_id_transition checks the prototype chain for setters.
         normalizePrototypeChain(callFrame, baseCell);
-
+        JSCell* owner = codeBlock->ownerExecutable();
+        JSGlobalData& globalData = callFrame->globalData();
         vPC[0] = getOpcode(op_put_by_id_transition);
-        vPC[4] = structure->previousID();
-        vPC[5] = structure;
-        vPC[6] = Instruction(callFrame->globalData(), codeBlock->ownerExecutable(), structure->prototypeChain(callFrame));
+        vPC[4].u.structure.set(globalData, owner, structure->previousID());
+        vPC[5].u.structure.set(globalData, owner, structure);
+        vPC[6].u.structureChain.set(callFrame->globalData(), codeBlock->ownerExecutable(), structure->prototypeChain(callFrame));
+        ASSERT(vPC[6].u.structureChain);
         vPC[7] = slot.cachedOffset();
-        codeBlock->refStructures(vPC);
         return;
     }
 
     vPC[0] = getOpcode(op_put_by_id_replace);
     vPC[5] = slot.cachedOffset();
-    codeBlock->refStructures(vPC);
 }
 
-NEVER_INLINE void Interpreter::uncachePutByID(CodeBlock* codeBlock, Instruction* vPC)
+NEVER_INLINE void Interpreter::uncachePutByID(CodeBlock*, Instruction* vPC)
 {
-    codeBlock->derefStructures(vPC);
     vPC[0] = getOpcode(op_put_by_id);
     vPC[4] = 0;
 }
@@ -1314,11 +1307,11 @@ NEVER_INLINE void Interpreter::tryCacheGetByID(CallFrame* callFrame, CodeBlock*
     }
 
     // Cache miss
-    Structure* lastStructure = vPC[4].u.structure;
+    Structure* lastStructure = vPC[4].u.structure.get();
     if (structure != lastStructure) {
         // First miss: record Structure to compare against next time.
         if (!lastStructure) {
-            vPC[4] = structure;
+            vPC[4].u.structure.set(callFrame->globalData(), codeBlock->ownerExecutable(), structure);
             return;
         }
 
@@ -1344,8 +1337,6 @@ NEVER_INLINE void Interpreter::tryCacheGetByID(CallFrame* callFrame, CodeBlock*
             vPC[5] = slot.cachedOffset();
             break;
         }
-
-        codeBlock->refStructures(vPC);
         return;
     }
 
@@ -1383,9 +1374,7 @@ NEVER_INLINE void Interpreter::tryCacheGetByID(CallFrame* callFrame, CodeBlock*
             vPC[6] = offset;
             break;
         }
-        vPC[5] = baseObject->structure();
-
-        codeBlock->refStructures(vPC);
+        vPC[5].u.structure.set(callFrame->globalData(), codeBlock->ownerExecutable(), baseObject->structure());
         return;
     }
 
@@ -1411,15 +1400,13 @@ NEVER_INLINE void Interpreter::tryCacheGetByID(CallFrame* callFrame, CodeBlock*
         vPC[7] = offset;
         break;
     }
-    vPC[4] = structure;
-    vPC[5] = Instruction(callFrame->globalData(), codeBlock->ownerExecutable(), structure->prototypeChain(callFrame));
+    vPC[4].u.structure.set(callFrame->globalData(), codeBlock->ownerExecutable(), structure);
+    vPC[5].u.structureChain.set(callFrame->globalData(), codeBlock->ownerExecutable(), structure->prototypeChain(callFrame));
     vPC[6] = count;
-    codeBlock->refStructures(vPC);
 }
 
-NEVER_INLINE void Interpreter::uncacheGetByID(CodeBlock* codeBlock, Instruction* vPC)
+NEVER_INLINE void Interpreter::uncacheGetByID(CodeBlock*, Instruction* vPC)
 {
-    codeBlock->derefStructures(vPC);
     vPC[0] = getOpcode(op_get_by_id);
     vPC[4] = 0;
 }
@@ -2528,7 +2515,7 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
 
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* structure = vPC[4].u.structure;
+            Structure* structure = vPC[4].u.structure.get();
 
             if (LIKELY(baseCell->structure() == structure)) {
                 ASSERT(baseCell->isObject());
@@ -2559,12 +2546,12 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
 
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* structure = vPC[4].u.structure;
+            Structure* structure = vPC[4].u.structure.get();
 
             if (LIKELY(baseCell->structure() == structure)) {
                 ASSERT(structure->prototypeForLookup(callFrame).isObject());
                 JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
-                Structure* prototypeStructure = vPC[5].u.structure;
+                Structure* prototypeStructure = vPC[5].u.structure.get();
 
                 if (LIKELY(protoObject->structure() == prototypeStructure)) {
                     int dst = vPC[1].u.operand;
@@ -2598,12 +2585,12 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
         
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* structure = vPC[4].u.structure;
+            Structure* structure = vPC[4].u.structure.get();
             
             if (LIKELY(baseCell->structure() == structure)) {
                 ASSERT(structure->prototypeForLookup(callFrame).isObject());
                 JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
-                Structure* prototypeStructure = vPC[5].u.structure;
+                Structure* prototypeStructure = vPC[5].u.structure.get();
                 
                 if (LIKELY(protoObject->structure() == prototypeStructure)) {
                     int dst = vPC[1].u.operand;
@@ -2643,12 +2630,12 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
         
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* structure = vPC[4].u.structure;
+            Structure* structure = vPC[4].u.structure.get();
             
             if (LIKELY(baseCell->structure() == structure)) {
                 ASSERT(structure->prototypeForLookup(callFrame).isObject());
                 JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
-                Structure* prototypeStructure = vPC[5].u.structure;
+                Structure* prototypeStructure = vPC[5].u.structure.get();
                 
                 if (LIKELY(protoObject->structure() == prototypeStructure)) {
                     int dst = vPC[1].u.operand;
@@ -2712,6 +2699,9 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
         vPC += OPCODE_LENGTH(op_get_by_id_proto_list);
         NEXT_INSTRUCTION();
     }
+#if USE(GCC_COMPUTED_GOTO_WORKAROUND)
+    goto *(&&skip_get_by_id_chain);
+#endif
     DEFINE_OPCODE(op_get_by_id_chain) {
         /* op_get_by_id_chain dst(r) base(r) property(id) structure(sID) structureChain(chain) count(n) offset(n)
 
@@ -2724,12 +2714,12 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
 
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* structure = vPC[4].u.structure;
+            Structure* structure = vPC[4].u.structure.get();
 
             if (LIKELY(baseCell->structure() == structure)) {
-                RefPtr<Structure>* it = vPC[5].u.structureChain->head();
+                WriteBarrier<Structure>* it = vPC[5].u.structureChain->head();
                 size_t count = vPC[6].u.operand;
-                RefPtr<Structure>* end = it + count;
+                WriteBarrier<Structure>* end = it + count;
 
                 while (true) {
                     JSObject* baseObject = asObject(baseCell->structure()->prototypeForLookup(callFrame));
@@ -2759,6 +2749,7 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
         NEXT_INSTRUCTION();
     }
 #if USE(GCC_COMPUTED_GOTO_WORKAROUND)
+    skip_get_by_id_chain:
     goto *(&&skip_id_getter_self);
 #endif
     DEFINE_OPCODE(op_get_by_id_getter_self) {
@@ -2773,7 +2764,7 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
         
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* structure = vPC[4].u.structure;
+            Structure* structure = vPC[4].u.structure.get();
             
             if (LIKELY(baseCell->structure() == structure)) {
                 ASSERT(baseCell->isObject());
@@ -2816,7 +2807,7 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
         
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* structure = vPC[4].u.structure;
+            Structure* structure = vPC[4].u.structure.get();
             
             if (LIKELY(baseCell->structure() == structure)) {
                 ASSERT(baseCell->isObject());
@@ -2873,12 +2864,12 @@ skip_id_custom_self:
         
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* structure = vPC[4].u.structure;
+            Structure* structure = vPC[4].u.structure.get();
             
             if (LIKELY(baseCell->structure() == structure)) {
-                RefPtr<Structure>* it = vPC[5].u.structureChain->head();
+                WriteBarrier<Structure>* it = vPC[5].u.structureChain->head();
                 size_t count = vPC[6].u.operand;
-                RefPtr<Structure>* end = it + count;
+                WriteBarrier<Structure>* end = it + count;
                 
                 while (true) {
                     JSObject* baseObject = asObject(baseCell->structure()->prototypeForLookup(callFrame));
@@ -2928,12 +2919,12 @@ skip_id_custom_self:
         
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* structure = vPC[4].u.structure;
+            Structure* structure = vPC[4].u.structure.get();
             
             if (LIKELY(baseCell->structure() == structure)) {
-                RefPtr<Structure>* it = vPC[5].u.structureChain->head();
+                WriteBarrier<Structure>* it = vPC[5].u.structureChain->head();
                 size_t count = vPC[6].u.operand;
-                RefPtr<Structure>* end = it + count;
+                WriteBarrier<Structure>* end = it + count;
                 
                 while (true) {
                     JSObject* baseObject = asObject(baseCell->structure()->prototypeForLookup(callFrame));
@@ -2964,6 +2955,7 @@ skip_id_custom_self:
     }
 #if USE(GCC_COMPUTED_GOTO_WORKAROUND)
     skip_id_custom_chain:
+    goto *(&&skip_get_array_length);
 #endif
     DEFINE_OPCODE(op_get_array_length) {
         /* op_get_array_length dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n)
@@ -2985,6 +2977,10 @@ skip_id_custom_self:
         uncacheGetByID(codeBlock, vPC);
         NEXT_INSTRUCTION();
     }
+#if USE(GCC_COMPUTED_GOTO_WORKAROUND)
+    skip_get_array_length:
+    goto *(&&skip_get_string_length);
+#endif
     DEFINE_OPCODE(op_get_string_length) {
         /* op_get_string_length dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n)
 
@@ -3005,6 +3001,10 @@ skip_id_custom_self:
         uncacheGetByID(codeBlock, vPC);
         NEXT_INSTRUCTION();
     }
+#if USE(GCC_COMPUTED_GOTO_WORKAROUND)
+    skip_get_string_length:
+    goto *(&&skip_put_by_id);
+#endif
     DEFINE_OPCODE(op_put_by_id) {
         /* put_by_id base(r) property(id) value(r) nop(n) nop(n) nop(n) nop(n) direct(b)
 
@@ -3038,6 +3038,9 @@ skip_id_custom_self:
         vPC += OPCODE_LENGTH(op_put_by_id);
         NEXT_INSTRUCTION();
     }
+#if USE(GCC_COMPUTED_GOTO_WORKAROUND)
+      skip_put_by_id:
+#endif
     DEFINE_OPCODE(op_put_by_id_transition) {
         /* op_put_by_id_transition base(r) property(id) value(r) oldStructure(sID) newStructure(sID) structureChain(chain) offset(n) direct(b)
          
@@ -3054,8 +3057,8 @@ skip_id_custom_self:
         
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* oldStructure = vPC[4].u.structure;
-            Structure* newStructure = vPC[5].u.structure;
+            Structure* oldStructure = vPC[4].u.structure.get();
+            Structure* newStructure = vPC[5].u.structure.get();
             
             if (LIKELY(baseCell->structure() == oldStructure)) {
                 ASSERT(baseCell->isObject());
@@ -3063,7 +3066,7 @@ skip_id_custom_self:
                 int direct = vPC[8].u.operand;
                 
                 if (!direct) {
-                    RefPtr<Structure>* it = vPC[6].u.structureChain->head();
+                    WriteBarrier<Structure>* it = vPC[6].u.structureChain->head();
 
                     JSValue proto = baseObject->structure()->prototypeForLookup(callFrame);
                     while (!proto.isNull()) {
@@ -3075,11 +3078,11 @@ skip_id_custom_self:
                         proto = asObject(proto)->structure()->prototypeForLookup(callFrame);
                     }
                 }
-                baseObject->transitionTo(newStructure);
+                baseObject->transitionTo(*globalData, newStructure);
 
                 int value = vPC[3].u.operand;
                 unsigned offset = vPC[7].u.operand;
-                ASSERT(baseObject->offsetForLocation(baseObject->getDirectLocation(callFrame->globalData(), codeBlock->identifier(vPC[2].u.operand))) == offset);
+                ASSERT(baseObject->offsetForLocation(baseObject->getDirectLocation(*globalData, codeBlock->identifier(vPC[2].u.operand))) == offset);
                 baseObject->putDirectOffset(callFrame->globalData(), offset, callFrame->r(value).jsValue());
 
                 vPC += OPCODE_LENGTH(op_put_by_id_transition);
@@ -3106,7 +3109,7 @@ skip_id_custom_self:
 
         if (LIKELY(baseValue.isCell())) {
             JSCell* baseCell = baseValue.asCell();
-            Structure* structure = vPC[4].u.structure;
+            Structure* structure = vPC[4].u.structure.get();
 
             if (LIKELY(baseCell->structure() == structure)) {
                 ASSERT(baseCell->isObject());
@@ -3114,7 +3117,7 @@ skip_id_custom_self:
                 int value = vPC[3].u.operand;
                 unsigned offset = vPC[5].u.operand;
                 
-                ASSERT(baseObject->offsetForLocation(baseObject->getDirectLocation(callFrame->globalData(), codeBlock->identifier(vPC[2].u.operand))) == offset);
+                ASSERT(baseObject->offsetForLocation(baseObject->getDirectLocation(*globalData, codeBlock->identifier(vPC[2].u.operand))) == offset);
                 baseObject->putDirectOffset(callFrame->globalData(), offset, callFrame->r(value).jsValue());
 
                 vPC += OPCODE_LENGTH(op_put_by_id_replace);
index 3d87e51..6b8c6dd 100644 (file)
@@ -235,7 +235,7 @@ namespace JSC {
 
         static void patchGetByIdSelf(CodeBlock* codeblock, StructureStubInfo*, Structure*, size_t cachedOffset, ReturnAddressPtr returnAddress);
         static void patchPutByIdReplace(CodeBlock* codeblock, StructureStubInfo*, Structure*, size_t cachedOffset, ReturnAddressPtr returnAddress, bool direct);
-        static void patchMethodCallProto(CodeBlock* codeblock, MethodCallLinkInfo&, JSFunction*, Structure*, JSObject*, ReturnAddressPtr);
+        static void patchMethodCallProto(JSGlobalData&, CodeBlock* codeblock, MethodCallLinkInfo&, JSFunction*, Structure*, JSObject*, ReturnAddressPtr);
 
         static void compilePatchGetArrayLength(JSGlobalData* globalData, CodeBlock* codeBlock, ReturnAddressPtr returnAddress)
         {
index 7633b6a..a1f1fe6 100644 (file)
@@ -581,7 +581,7 @@ void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure
 
     // ecx = baseObject->m_structure
     if (!direct) {
-        for (RefPtr<Structure>* it = chain->head(); *it; ++it)
+        for (WriteBarrier<Structure>* it = chain->head(); *it; ++it)
             testPrototype((*it)->storedPrototype(), failureCases);
     }
 
@@ -606,11 +606,7 @@ void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure
         restoreReturnAddressBeforeReturn(regT3);
     }
 
-    // Assumes m_refCount can be decremented easily, refcount decrement is safe as 
-    // codeblock should ensure oldStructure->m_refCount > 0
-    sub32(TrustedImm32(1), AbsoluteAddress(oldStructure->addressOfCount()));
-    add32(TrustedImm32(1), AbsoluteAddress(newStructure->addressOfCount()));
-    storePtr(TrustedImmPtr(newStructure), Address(regT0, JSCell::structureOffset()));
+    storePtrWithWriteBarrier(TrustedImmPtr(newStructure), regT0, Address(regT0, JSCell::structureOffset()));
 
     // write the value
     compilePutDirectOffset(regT0, regT1, newStructure, cachedOffset);
@@ -652,17 +648,15 @@ void JIT::patchGetByIdSelf(CodeBlock* codeBlock, StructureStubInfo* stubInfo, St
     repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset), offset);
 }
 
-void JIT::patchMethodCallProto(CodeBlock* codeBlock, MethodCallLinkInfo& methodCallLinkInfo, JSFunction* callee, Structure* structure, JSObject* proto, ReturnAddressPtr returnAddress)
+void JIT::patchMethodCallProto(JSGlobalData& globalData, CodeBlock* codeBlock, MethodCallLinkInfo& methodCallLinkInfo, JSFunction* callee, Structure* structure, JSObject* proto, ReturnAddressPtr returnAddress)
 {
     RepatchBuffer repatchBuffer(codeBlock);
 
     ASSERT(!methodCallLinkInfo.cachedStructure);
-    methodCallLinkInfo.cachedStructure = structure;
-    structure->ref();
+    methodCallLinkInfo.cachedStructure.set(globalData, codeBlock->ownerExecutable(), structure);
 
     Structure* prototypeStructure = proto->structure();
-    methodCallLinkInfo.cachedPrototypeStructure = prototypeStructure;
-    prototypeStructure->ref();
+    methodCallLinkInfo.cachedPrototypeStructure.set(globalData, codeBlock->ownerExecutable(), prototypeStructure);
 
     repatchBuffer.repatch(methodCallLinkInfo.structureLabel, structure);
     repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoObj), proto);
@@ -735,7 +729,7 @@ void JIT::privateCompileGetByIdProto(StructureStubInfo* stubInfo, Structure* str
     Jump failureCases1 = checkStructure(regT0, structure);
 
     // Check the prototype object's Structure had not changed.
-    Structure* const * prototypeStructureAddress = protoObject->addressOfStructure();
+    const void* prototypeStructureAddress = protoObject->addressOfStructure();
 #if CPU(X86_64)
     move(TrustedImmPtr(prototypeStructure), regT3);
     Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
@@ -839,8 +833,7 @@ void JIT::privateCompileGetByIdSelfList(StructureStubInfo* stubInfo, Polymorphic
 
     CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
 
-    structure->ref();
-    polymorphicStructures->list[currentIndex].set(entryLabel, structure);
+    polymorphicStructures->list[currentIndex].set(*m_globalData, m_codeBlock->ownerExecutable(), entryLabel, structure);
 
     // Finally patch the jump to slow case back in the hot path to jump here instead.
     CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
@@ -858,7 +851,7 @@ void JIT::privateCompileGetByIdProtoList(StructureStubInfo* stubInfo, Polymorphi
     Jump failureCases1 = checkStructure(regT0, structure);
 
     // Check the prototype object's Structure had not changed.
-    Structure* const * prototypeStructureAddress = protoObject->addressOfStructure();
+    const void* prototypeStructureAddress = protoObject->addressOfStructure();
 #if CPU(X86_64)
     move(TrustedImmPtr(prototypeStructure), regT3);
     Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
@@ -907,10 +900,7 @@ void JIT::privateCompileGetByIdProtoList(StructureStubInfo* stubInfo, Polymorphi
     patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
 
     CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
-
-    structure->ref();
-    prototypeStructure->ref();
-    prototypeStructures->list[currentIndex].set(entryLabel, structure, prototypeStructure);
+    prototypeStructures->list[currentIndex].set(*m_globalData, m_codeBlock->ownerExecutable(), entryLabel, structure, prototypeStructure);
 
     // Finally patch the jump to slow case back in the hot path to jump here instead.
     CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
@@ -928,7 +918,7 @@ void JIT::privateCompileGetByIdChainList(StructureStubInfo* stubInfo, Polymorphi
     bucketsOfFail.append(baseObjectCheck);
 
     Structure* currStructure = structure;
-    RefPtr<Structure>* it = chain->head();
+    WriteBarrier<Structure>* it = chain->head();
     JSObject* protoObject = 0;
     for (unsigned i = 0; i < count; ++i, ++it) {
         protoObject = asObject(currStructure->prototypeForLookup(callFrame));
@@ -978,7 +968,6 @@ void JIT::privateCompileGetByIdChainList(StructureStubInfo* stubInfo, Polymorphi
     CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
 
     // Track the stub we have created so that it will be deleted later.
-    structure->ref();
     prototypeStructures->list[currentIndex].set(callFrame->globalData(), m_codeBlock->ownerExecutable(), entryLabel, structure, chain);
 
     // Finally patch the jump to slow case back in the hot path to jump here instead.
@@ -997,7 +986,7 @@ void JIT::privateCompileGetByIdChain(StructureStubInfo* stubInfo, Structure* str
     bucketsOfFail.append(checkStructure(regT0, structure));
 
     Structure* currStructure = structure;
-    RefPtr<Structure>* it = chain->head();
+    WriteBarrier<Structure>* it = chain->head();
     JSObject* protoObject = 0;
     for (unsigned i = 0; i < count; ++i, ++it) {
         protoObject = asObject(currStructure->prototypeForLookup(callFrame));
index 9379f7a..d0c3688 100644 (file)
@@ -597,7 +597,7 @@ void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure
     
     if (!direct) {
         // Verify that nothing in the prototype chain has a setter for this property. 
-        for (RefPtr<Structure>* it = chain->head(); *it; ++it)
+        for (WriteBarrier<Structure>* it = chain->head(); *it; ++it)
             testPrototype((*it)->storedPrototype(), failureCases);
     }
 
@@ -619,10 +619,8 @@ void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure
         
         restoreReturnAddressBeforeReturn(regT3);
     }
-    
-    sub32(TrustedImm32(1), AbsoluteAddress(oldStructure->addressOfCount()));
-    add32(TrustedImm32(1), AbsoluteAddress(newStructure->addressOfCount()));
-    storePtr(TrustedImmPtr(newStructure), Address(regT0, JSCell::structureOffset()));
+
+    storePtrWithWriteBarrier(TrustedImmPtr(newStructure), regT0, Address(regT0, JSCell::structureOffset()));
     
 #if CPU(MIPS) || CPU(SH4)
     // For MIPS, we don't add sizeof(void*) to the stack offset.
@@ -674,17 +672,14 @@ void JIT::patchGetByIdSelf(CodeBlock* codeBlock, StructureStubInfo* stubInfo, St
     repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset2), offset + OBJECT_OFFSETOF(JSValue, u.asBits.tag)); // tag
 }
 
-void JIT::patchMethodCallProto(CodeBlock* codeBlock, MethodCallLinkInfo& methodCallLinkInfo, JSFunction* callee, Structure* structure, JSObject* proto, ReturnAddressPtr returnAddress)
+void JIT::patchMethodCallProto(JSGlobalData& globalData, CodeBlock* codeBlock, MethodCallLinkInfo& methodCallLinkInfo, JSFunction* callee, Structure* structure, JSObject* proto, ReturnAddressPtr returnAddress)
 {
     RepatchBuffer repatchBuffer(codeBlock);
     
     ASSERT(!methodCallLinkInfo.cachedStructure);
-    methodCallLinkInfo.cachedStructure = structure;
-    structure->ref();
-    
+    methodCallLinkInfo.cachedStructure.set(globalData, codeBlock->ownerExecutable(), structure);
     Structure* prototypeStructure = proto->structure();
-    methodCallLinkInfo.cachedPrototypeStructure = prototypeStructure;
-    prototypeStructure->ref();
+    methodCallLinkInfo.cachedPrototypeStructure.set(globalData, codeBlock->ownerExecutable(), prototypeStructure);
     
     repatchBuffer.repatch(methodCallLinkInfo.structureLabel, structure);
     repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoObj), proto);
@@ -762,7 +757,7 @@ void JIT::privateCompileGetByIdProto(StructureStubInfo* stubInfo, Structure* str
     Jump failureCases1 = checkStructure(regT0, structure);
     
     // Check the prototype object's Structure had not changed.
-    Structure* const * prototypeStructureAddress = protoObject->addressOfStructure();
+    const void* prototypeStructureAddress = protoObject->addressOfStructure();
 #if CPU(X86_64)
     move(TrustedImmPtr(prototypeStructure), regT3);
     Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
@@ -867,9 +862,8 @@ void JIT::privateCompileGetByIdSelfList(StructureStubInfo* stubInfo, Polymorphic
     patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
 
     CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
-    
-    structure->ref();
-    polymorphicStructures->list[currentIndex].set(entryLabel, structure);
+
+    polymorphicStructures->list[currentIndex].set(*m_globalData, m_codeBlock->ownerExecutable(), entryLabel, structure);
     
     // Finally patch the jump to slow case back in the hot path to jump here instead.
     CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
@@ -889,7 +883,7 @@ void JIT::privateCompileGetByIdProtoList(StructureStubInfo* stubInfo, Polymorphi
     Jump failureCases1 = checkStructure(regT0, structure);
     
     // Check the prototype object's Structure had not changed.
-    Structure* const * prototypeStructureAddress = protoObject->addressOfStructure();
+    const void* prototypeStructureAddress = protoObject->addressOfStructure();
 #if CPU(X86_64)
     move(TrustedImmPtr(prototypeStructure), regT3);
     Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
@@ -935,10 +929,8 @@ void JIT::privateCompileGetByIdProtoList(StructureStubInfo* stubInfo, Polymorphi
     patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
     
     CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
-    
-    structure->ref();
-    prototypeStructure->ref();
-    prototypeStructures->list[currentIndex].set(entryLabel, structure, prototypeStructure);
+
+    prototypeStructures->list[currentIndex].set(callFrame->globalData(), m_codeBlock->ownerExecutable(), entryLabel, structure, prototypeStructure);
     
     // Finally patch the jump to slow case back in the hot path to jump here instead.
     CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
@@ -957,7 +949,7 @@ void JIT::privateCompileGetByIdChainList(StructureStubInfo* stubInfo, Polymorphi
     bucketsOfFail.append(checkStructure(regT0, structure));
     
     Structure* currStructure = structure;
-    RefPtr<Structure>* it = chain->head();
+    WriteBarrier<Structure>* it = chain->head();
     JSObject* protoObject = 0;
     for (unsigned i = 0; i < count; ++i, ++it) {
         protoObject = asObject(currStructure->prototypeForLookup(callFrame));
@@ -1006,7 +998,6 @@ void JIT::privateCompileGetByIdChainList(StructureStubInfo* stubInfo, Polymorphi
     CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
     
     // Track the stub we have created so that it will be deleted later.
-    structure->ref();
     prototypeStructures->list[currentIndex].set(callFrame->globalData(), m_codeBlock->ownerExecutable(), entryLabel, structure, chain);
     
     // Finally patch the jump to slow case back in the hot path to jump here instead.
@@ -1026,7 +1017,7 @@ void JIT::privateCompileGetByIdChain(StructureStubInfo* stubInfo, Structure* str
     bucketsOfFail.append(checkStructure(regT0, structure));
     
     Structure* currStructure = structure;
-    RefPtr<Structure>* it = chain->head();
+    WriteBarrier<Structure>* it = chain->head();
     JSObject* protoObject = 0;
     for (unsigned i = 0; i < count; ++i, ++it) {
         protoObject = asObject(currStructure->prototypeForLookup(callFrame));
index 23e9c0d..953bd11 100644 (file)
@@ -848,7 +848,7 @@ NEVER_INLINE void JITThunks::tryCachePutByID(CallFrame* callFrame, CodeBlock* co
         return;
     }
     
-    stubInfo->initPutByIdReplace(structure);
+    stubInfo->initPutByIdReplace(callFrame->globalData(), codeBlock->ownerExecutable(), structure);
 
     JIT::patchPutByIdReplace(codeBlock, stubInfo, structure, slot.cachedOffset(), returnAddress, direct);
 }
@@ -896,7 +896,7 @@ NEVER_INLINE void JITThunks::tryCacheGetByID(CallFrame* callFrame, CodeBlock* co
 
     if (slot.slotBase() == baseValue) {
         // set this up, so derefStructures can do it's job.
-        stubInfo->initGetByIdSelf(structure);
+        stubInfo->initGetByIdSelf(callFrame->globalData(), codeBlock->ownerExecutable(), structure);
         if (slot.cachedPropertyType() != PropertySlot::Value)
             ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_get_by_id_self_fail));
         else
@@ -922,7 +922,7 @@ NEVER_INLINE void JITThunks::tryCacheGetByID(CallFrame* callFrame, CodeBlock* co
             offset = slotBaseObject->structure()->get(callFrame->globalData(), propertyName);
         }
         
-        stubInfo->initGetByIdProto(structure, slotBaseObject->structure());
+        stubInfo->initGetByIdProto(callFrame->globalData(), codeBlock->ownerExecutable(), structure, slotBaseObject->structure());
 
         ASSERT(!structure->isDictionary());
         ASSERT(!slotBaseObject->structure()->isDictionary());
@@ -1560,7 +1560,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_method_check)
 
         // Check to see if the function is on the object's prototype.  Patch up the code to optimize.
         if (slot.slotBase() == structure->prototypeForLookup(callFrame)) {
-            JIT::patchMethodCallProto(codeBlock, methodCallLinkInfo, callee, structure, slotBaseObject, STUB_RETURN_ADDRESS);
+            JIT::patchMethodCallProto(callFrame->globalData(), codeBlock, methodCallLinkInfo, callee, structure, slotBaseObject, STUB_RETURN_ADDRESS);
             return JSValue::encode(result);
         }
 
@@ -1571,7 +1571,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_method_check)
         // for now.  For now it performs a check on a special object on the global object only used for this
         // purpose.  The object is in no way exposed, and as such the check will always pass.
         if (slot.slotBase() == baseValue) {
-            JIT::patchMethodCallProto(codeBlock, methodCallLinkInfo, callee, structure, callFrame->scopeChain()->globalObject->methodCallDummy(), STUB_RETURN_ADDRESS);
+            JIT::patchMethodCallProto(callFrame->globalData(), codeBlock, methodCallLinkInfo, callee, structure, callFrame->scopeChain()->globalObject->methodCallDummy(), STUB_RETURN_ADDRESS);
             return JSValue::encode(result);
         }
     }
@@ -1630,7 +1630,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_self_fail)
 
         if (stubInfo->accessType == access_get_by_id_self) {
             ASSERT(!stubInfo->stubRoutine);
-            polymorphicStructureList = new PolymorphicAccessStructureList(CodeLocationLabel(), stubInfo->u.getByIdSelf.baseObjectStructure);
+            polymorphicStructureList = new PolymorphicAccessStructureList(callFrame->globalData(), codeBlock->ownerExecutable(), CodeLocationLabel(), stubInfo->u.getByIdSelf.baseObjectStructure.get());
             stubInfo->initGetByIdSelfList(polymorphicStructureList, 1);
         } else {
             polymorphicStructureList = stubInfo->u.getByIdSelfList.structureList;
@@ -1655,12 +1655,12 @@ static PolymorphicAccessStructureList* getPolymorphicAccessStructureListSlot(JSG
 
     switch (stubInfo->accessType) {
     case access_get_by_id_proto:
-        prototypeStructureList = new PolymorphicAccessStructureList(stubInfo->stubRoutine, stubInfo->u.getByIdProto.baseObjectStructure, stubInfo->u.getByIdProto.prototypeStructure);
+        prototypeStructureList = new PolymorphicAccessStructureList(globalData, owner, stubInfo->stubRoutine, stubInfo->u.getByIdProto.baseObjectStructure.get(), stubInfo->u.getByIdProto.prototypeStructure.get());
         stubInfo->stubRoutine = CodeLocationLabel();
         stubInfo->initGetByIdProtoList(prototypeStructureList, 2);
         break;
     case access_get_by_id_chain:
-        prototypeStructureList = new PolymorphicAccessStructureList(globalData, owner, stubInfo->stubRoutine, stubInfo->u.getByIdChain.baseObjectStructure, stubInfo->u.getByIdChain.chain.get());
+        prototypeStructureList = new PolymorphicAccessStructureList(globalData, owner, stubInfo->stubRoutine, stubInfo->u.getByIdChain.baseObjectStructure.get(), stubInfo->u.getByIdChain.chain.get());
         stubInfo->stubRoutine = CodeLocationLabel();
         stubInfo->initGetByIdProtoList(prototypeStructureList, 2);
         break;
@@ -2753,10 +2753,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_resolve_global)
         JSValue result = slot.getValue(callFrame, ident);
         if (slot.isCacheableValue() && !globalObject->structure()->isUncacheableDictionary() && slot.slotBase() == globalObject) {
             GlobalResolveInfo& globalResolveInfo = codeBlock->globalResolveInfo(globalResolveInfoIndex);
-            if (globalResolveInfo.structure)
-                globalResolveInfo.structure->deref();
-            globalObject->structure()->ref();
-            globalResolveInfo.structure = globalObject->structure();
+            globalResolveInfo.structure.set(callFrame->globalData(), codeBlock->ownerExecutable(), globalObject->structure());
             globalResolveInfo.offset = slot.cachedOffset();
             return JSValue::encode(result);
         }
index feaf467..e1d9353 100644 (file)
@@ -193,6 +193,11 @@ namespace JSC {
         inline Jump emitLoadInt32(unsigned virtualRegisterIndex, RegisterID dst);
         inline Jump emitLoadDouble(unsigned virtualRegisterIndex, FPRegisterID dst, RegisterID scratch);
 
+        inline void storePtrWithWriteBarrier(TrustedImmPtr ptr, RegisterID /* owner */, Address dest)
+        {
+            storePtr(ptr, dest);
+        }
+
 #if USE(JSVALUE32_64)
         inline Jump emitJumpIfNotJSCell(unsigned virtualRegisterIndex);
         inline Address tagFor(int index, RegisterID base = callFrameRegister);
index 8ccb039..729dce9 100644 (file)
@@ -366,6 +366,7 @@ int main(int argc, char** argv)
 static void cleanupGlobalData(JSGlobalData* globalData)
 {
     JSLock lock(SilenceAssertionsOnly);
+    globalData->clearBuiltinStructures();
     globalData->heap.destroy();
     globalData->deref();
 }
index 950bb4e..b5aa46b 100644 (file)
@@ -92,7 +92,7 @@ namespace JSC {
             d->registers = &activation->registerAt(0);
         }
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype) 
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype) 
         { 
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info); 
         }
@@ -143,7 +143,7 @@ namespace JSC {
     }
 
     inline Arguments::Arguments(CallFrame* callFrame)
-        : JSNonFinalObject(callFrame->lexicalGlobalObject()->argumentsStructure())
+        : JSNonFinalObject(callFrame->globalData(), callFrame->lexicalGlobalObject()->argumentsStructure())
         , d(adoptPtr(new ArgumentsData))
     {
         ASSERT(inherits(&s_info));
@@ -185,7 +185,7 @@ namespace JSC {
     }
 
     inline Arguments::Arguments(CallFrame* callFrame, NoParametersType)
-        : JSNonFinalObject(callFrame->lexicalGlobalObject()->argumentsStructure())
+        : JSNonFinalObject(callFrame->globalData(), callFrame->lexicalGlobalObject()->argumentsStructure())
         , d(adoptPtr(new ArgumentsData))
     {
         ASSERT(inherits(&s_info));
@@ -247,7 +247,7 @@ namespace JSC {
         int registerOffset = m_numParametersMinusThis + RegisterFile::CallFrameHeaderSize;
         size_t registerArraySize = numLocals + RegisterFile::CallFrameHeaderSize;
 
-        OwnArrayPtr<WriteBarrier<Unknown> > registerArray = copyRegisterArray(globalData, m_registers - registerOffset, registerArraySize);
+        OwnArrayPtr<WriteBarrier<Unknown> > registerArray = copyRegisterArray(globalData, m_registers - registerOffset, registerArraySize, m_numParametersMinusThis + 1);
         WriteBarrier<Unknown>* registers = registerArray.get() + registerOffset;
         setRegisters(registers, registerArray.release());
     }
index e0f4b23..050e989 100644 (file)
@@ -37,7 +37,7 @@ ASSERT_CLASS_FITS_IN_CELL(ArrayConstructor);
     
 static EncodedJSValue JSC_HOST_CALL arrayConstructorIsArray(ExecState*);
 
-ArrayConstructor::ArrayConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, ArrayPrototype* arrayPrototype, Structure* functionStructure)
+ArrayConstructor::ArrayConstructor(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, ArrayPrototype* arrayPrototype, Structure* functionStructure)
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, arrayPrototype->classInfo()->className))
 {
     // ECMA 15.4.3.1 Array.prototype
@@ -59,7 +59,7 @@ static inline JSObject* constructArrayWithSizeQuirk(ExecState* exec, const ArgLi
         uint32_t n = args.at(0).toUInt32(exec);
         if (n != args.at(0).toNumber(exec))
             return throwError(exec, createRangeError(exec, "Array size is not a small enough positive integer."));
-        return new (exec) JSArray(globalObject->arrayStructure(), n, CreateInitialized);
+        return new (exec) JSArray(exec->globalData(), globalObject->arrayStructure(), n, CreateInitialized);
     }
 
     // otherwise the array is constructed with the arguments in it
index 5e1408f..97b26c5 100644 (file)
@@ -29,7 +29,7 @@ namespace JSC {
 
     class ArrayConstructor : public InternalFunction {
     public:
-        ArrayConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, ArrayPrototype*, Structure*);
+        ArrayConstructor(ExecState*, JSGlobalObject*, Structure*, ArrayPrototype*, Structure*);
 
         virtual ConstructType getConstructData(ConstructData&);
         virtual CallType getCallData(CallData&);
index b843a3d..29caece 100644 (file)
@@ -114,8 +114,8 @@ const ClassInfo ArrayPrototype::s_info = {"Array", &JSArray::s_info, 0, ExecStat
 */
 
 // ECMA 15.4.4
-ArrayPrototype::ArrayPrototype(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
-    : JSArray(structure)
+ArrayPrototype::ArrayPrototype(JSGlobalObject* globalObject, Structure* structure)
+    : JSArray(globalObject->globalData(), structure)
 {
     ASSERT(inherits(&s_info));
     putAnonymousValue(globalObject->globalData(), 0, globalObject);
@@ -574,7 +574,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState* exec)
             deleteCount = static_cast<unsigned>(deleteDouble);
     }
 
-    JSArray* resObj = new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), deleteCount, CreateCompact);
+    JSArray* resObj = new (exec) JSArray(exec->globalData(), exec->lexicalGlobalObject()->arrayStructure(), deleteCount, CreateCompact);
     JSValue result = resObj;
     JSGlobalData& globalData = exec->globalData();
     for (unsigned k = 0; k < deleteCount; k++)
index 96641bd..6dadf51 100644 (file)
@@ -28,14 +28,14 @@ namespace JSC {
 
     class ArrayPrototype : public JSArray {
     public:
-        explicit ArrayPrototype(JSGlobalObject*, NonNullPassRefPtr<Structure>);
+        explicit ArrayPrototype(JSGlobalObject*, Structure*);
 
         bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
         virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
 
         static const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index edeec57..df7b7f6 100644 (file)
@@ -39,7 +39,7 @@ namespace JSC {
             , m_object(object)
         {
             if (!m_object->structure()->isDictionary())
-                m_object->setStructure(Structure::toCacheableDictionaryTransition(globalData, m_object->structure()));
+                m_object->setStructure(globalData, Structure::toCacheableDictionaryTransition(globalData, m_object->structure()));
         }
 
         ~BatchedTransitionOptimizer()
index e5b0f3d..a1a4ed4 100644 (file)
@@ -28,7 +28,7 @@ namespace JSC {
 
 ASSERT_CLASS_FITS_IN_CELL(BooleanConstructor);
 
-BooleanConstructor::BooleanConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, BooleanPrototype* booleanPrototype)
+BooleanConstructor::BooleanConstructor(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, BooleanPrototype* booleanPrototype)
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, booleanPrototype->classInfo()->className))
 {
     putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, booleanPrototype, DontEnum | DontDelete | ReadOnly);
index 2550b3b..fa0d05e 100644 (file)
@@ -29,7 +29,7 @@ namespace JSC {
 
     class BooleanConstructor : public InternalFunction {
     public:
-        BooleanConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, BooleanPrototype*);
+        BooleanConstructor(ExecState*, JSGlobalObject*, Structure*, BooleanPrototype*);
 
     private:
         virtual ConstructType getConstructData(ConstructData&);
index 2945c0e..e24a30a 100644 (file)
@@ -27,8 +27,8 @@ ASSERT_CLASS_FITS_IN_CELL(BooleanObject);
 
 const ClassInfo BooleanObject::s_info = { "Boolean", &JSWrapperObject::s_info, 0, 0 };
 
-BooleanObject::BooleanObject(JSGlobalData&, NonNullPassRefPtr<Structure> structure)
-    : JSWrapperObject(structure)
+BooleanObject::BooleanObject(JSGlobalData& globalData, Structure* structure)
+    : JSWrapperObject(globalData, structure)
 {
     ASSERT(inherits(&s_info));
 }
index ef2d403..def44b4 100644 (file)
@@ -27,11 +27,11 @@ namespace JSC {
 
     class BooleanObject : public JSWrapperObject {
     public:
-        explicit BooleanObject(JSGlobalData& globalData, NonNullPassRefPtr<Structure>);
+        explicit BooleanObject(JSGlobalData&, Structure*);
 
         static const ClassInfo s_info;
         
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index d0a64af..20990e1 100644 (file)
@@ -37,7 +37,7 @@ static EncodedJSValue JSC_HOST_CALL booleanProtoFuncValueOf(ExecState*);
 
 // ECMA 15.6.4
 
-BooleanPrototype::BooleanPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* functionStructure)
+BooleanPrototype::BooleanPrototype(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, Structure* functionStructure)
     : BooleanObject(exec->globalData(), structure)
 {
     setInternalValue(exec->globalData(), jsBoolean(false));
index d6d3d9f..5ccbd2b 100644 (file)
@@ -27,7 +27,7 @@ namespace JSC {
 
     class BooleanPrototype : public BooleanObject {
     public:
-        BooleanPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* functionStructure);
+        BooleanPrototype(ExecState*, JSGlobalObject*, Structure*, Structure* functionStructure);
     };
 
 } // namespace JSC
index 0a06148..9bbb688 100644 (file)
@@ -57,7 +57,7 @@ static EncodedJSValue JSC_HOST_CALL dateParse(ExecState*);
 static EncodedJSValue JSC_HOST_CALL dateNow(ExecState*);
 static EncodedJSValue JSC_HOST_CALL dateUTC(ExecState*);
 
-DateConstructor::DateConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* functionStructure, DatePrototype* datePrototype)
+DateConstructor::DateConstructor(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, Structure* functionStructure, DatePrototype* datePrototype)
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, datePrototype->classInfo()->className))
 {
     putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, datePrototype, DontEnum | DontDelete | ReadOnly);
index bd529f1..23a0311 100644 (file)
@@ -29,7 +29,7 @@ namespace JSC {
 
     class DateConstructor : public InternalFunction {
     public:
-        DateConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* functionStructure, DatePrototype*);
+        DateConstructor(ExecState*, JSGlobalObject*, Structure*, Structure* functionStructure, DatePrototype*);
 
     private:
         virtual ConstructType getConstructData(ConstructData&);
index 74adda4..d8ca072 100644 (file)
@@ -34,15 +34,15 @@ namespace JSC {
 
 const ClassInfo DateInstance::s_info = {"Date", &JSWrapperObject::s_info, 0, 0};
 
-DateInstance::DateInstance(ExecState* exec, NonNullPassRefPtr<Structure> structure)
-    : JSWrapperObject(structure)
+DateInstance::DateInstance(ExecState* exec, Structure* structure)
+    : JSWrapperObject(exec->globalData(), structure)
 {
     ASSERT(inherits(&s_info));
     setInternalValue(exec->globalData(), jsNaN());
 }
 
-DateInstance::DateInstance(ExecState* exec, NonNullPassRefPtr<Structure> structure, double time)
-    : JSWrapperObject(structure)
+DateInstance::DateInstance(ExecState* exec, Structure* structure, double time)
+    : JSWrapperObject(exec->globalData(), structure)
 {
     ASSERT(inherits(&s_info));
     setInternalValue(exec->globalData(), jsNumber(timeClip(time)));
index d0dcf0b..6195c85 100644 (file)
@@ -31,8 +31,8 @@ namespace JSC {
 
     class DateInstance : public JSWrapperObject {
     public:
-        DateInstance(ExecState*, NonNullPassRefPtr<Structure>, double);
-        explicit DateInstance(ExecState*, NonNullPassRefPtr<Structure>);
+        DateInstance(ExecState*, Structure*, double);
+        explicit DateInstance(ExecState*, Structure*);
 
         double internalNumber() const { return internalValue().uncheckedGetNumber(); }
 
@@ -52,7 +52,7 @@ namespace JSC {
             return calculateGregorianDateTimeUTC(exec);
         }
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index 314baa4..444fa98 100644 (file)
@@ -429,7 +429,7 @@ const ClassInfo DatePrototype::s_info = {"Date", &DateInstance::s_info, 0, ExecS
 
 // ECMA 15.9.4
 
-DatePrototype::DatePrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
+DatePrototype::DatePrototype(ExecState* exec, JSGlobalObject* globalObject, Structure* structure)
     : DateInstance(exec, structure)
 {
     ASSERT(inherits(&s_info));
index 0ebbedc..2e1030d 100644 (file)
@@ -29,14 +29,14 @@ namespace JSC {
 
     class DatePrototype : public DateInstance {
     public:
-        DatePrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>);
+        DatePrototype(ExecState*, JSGlobalObject*, Structure*);
 
         virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
         virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
 
         static const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index b84f5ea..7eda19f 100644 (file)
@@ -167,7 +167,7 @@ JSObject* throwSyntaxError(ExecState* exec)
 
 class StrictModeTypeErrorFunction : public InternalFunction {
 public:
-    StrictModeTypeErrorFunction(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, const UString& message)
+    StrictModeTypeErrorFunction(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, const UString& message)
         : InternalFunction(&exec->globalData(), globalObject, structure, exec->globalData().propertyNames->emptyIdentifier)
         , m_message(message)
     {
index 7f4f82c..df112dd 100644 (file)
@@ -29,7 +29,7 @@ namespace JSC {
 
 ASSERT_CLASS_FITS_IN_CELL(ErrorConstructor);
 
-ErrorConstructor::ErrorConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, ErrorPrototype* errorPrototype)
+ErrorConstructor::ErrorConstructor(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, ErrorPrototype* errorPrototype)
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, errorPrototype->classInfo()->className))
 {
     // ECMA 15.11.3.1 Error.prototype
index 3d0d706..ceec005 100644 (file)
@@ -30,7 +30,7 @@ namespace JSC {
 
     class ErrorConstructor : public InternalFunction {
     public:
-        ErrorConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, ErrorPrototype*);
+        ErrorConstructor(ExecState*, JSGlobalObject*, Structure*, ErrorPrototype*);
 
     private:
         virtual ConstructType getConstructData(ConstructData&);
index 0db2af8..ed95ba4 100644 (file)
@@ -25,28 +25,28 @@ namespace JSC {
 
 const ClassInfo ErrorInstance::s_info = { "Error", &JSNonFinalObject::s_info, 0, 0 };
 
-ErrorInstance::ErrorInstance(JSGlobalData* globalData, NonNullPassRefPtr<Structure> structure)
-    : JSNonFinalObject(structure)
+ErrorInstance::ErrorInstance(JSGlobalData* globalData, Structure* structure)
+    : JSNonFinalObject(*globalData, structure)
     , m_appendSourceToMessage(false)
 {
     ASSERT(inherits(&s_info));
     putDirect(*globalData, globalData->propertyNames->message, jsString(globalData, ""));
 }
 
-ErrorInstance::ErrorInstance(JSGlobalData* globalData, NonNullPassRefPtr<Structure> structure, const UString& message)
-    : JSNonFinalObject(structure)
+ErrorInstance::ErrorInstance(JSGlobalData* globalData, Structure* structure, const UString& message)
+    : JSNonFinalObject(*globalData, structure)
     , m_appendSourceToMessage(false)
 {
     ASSERT(inherits(&s_info));
     putDirect(*globalData, globalData->propertyNames->message, jsString(globalData, message));
 }
 
-ErrorInstance* ErrorInstance::create(JSGlobalData* globalData, NonNullPassRefPtr<Structure> structure, const UString& message)
+ErrorInstance* ErrorInstance::create(JSGlobalData* globalData, Structure* structure, const UString& message)
 {
     return new (globalData) ErrorInstance(globalData, structure, message);
 }
 
-ErrorInstance* ErrorInstance::create(ExecState* exec, NonNullPassRefPtr<Structure> structure, JSValue message)
+ErrorInstance* ErrorInstance::create(ExecState* exec, Structure* structure, JSValue message)
 {
     if (message.isUndefined())
         return new (exec) ErrorInstance(&exec->globalData(), structure);
index 82dbf0f..afcf158 100644 (file)
@@ -29,13 +29,13 @@ namespace JSC {
     public:
         static const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
 
-        static ErrorInstance* create(JSGlobalData*, NonNullPassRefPtr<Structure>, const UString&);
-        static ErrorInstance* create(ExecState* exec, NonNullPassRefPtr<Structure>, JSValue message);
+        static ErrorInstance* create(JSGlobalData*, Structure*, const UString&);
+        static ErrorInstance* create(ExecState*, Structure*, JSValue message);
 
 
         bool appendSourceToMessage() { return m_appendSourceToMessage; }
@@ -45,8 +45,8 @@ namespace JSC {
         virtual bool isErrorInstance() const { return true; }
 
     protected:
-        explicit ErrorInstance(JSGlobalData*, NonNullPassRefPtr<Structure>);
-        explicit ErrorInstance(JSGlobalData*, NonNullPassRefPtr<Structure>, const UString&);
+        explicit ErrorInstance(JSGlobalData*, Structure*);
+        explicit ErrorInstance(JSGlobalData*, Structure*, const UString&);
 
         bool m_appendSourceToMessage;
     };
index e13251c..a57e947 100644 (file)
@@ -35,7 +35,7 @@ ASSERT_CLASS_FITS_IN_CELL(ErrorPrototype);
 static EncodedJSValue JSC_HOST_CALL errorProtoFuncToString(ExecState*);
 
 // ECMA 15.9.4
-ErrorPrototype::ErrorPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* functionStructure)
+ErrorPrototype::ErrorPrototype(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, Structure* functionStructure)
     : ErrorInstance(&exec->globalData(), structure)
 {
     // The constructor will be added later in ErrorConstructor's constructor
index 3c2fed3..9437d3a 100644 (file)
@@ -29,7 +29,7 @@ namespace JSC {
 
     class ErrorPrototype : public ErrorInstance {
     public:
-        ErrorPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* functionStructure);
+        ErrorPrototype(ExecState*, JSGlobalObject*, Structure*, Structure* functionStructure);
     };
 
 } // namespace JSC
index d3c637e..1d74315 100644 (file)
@@ -44,7 +44,7 @@ namespace JSC {
 class InterruptedExecutionError : public JSNonFinalObject {
 public:
     InterruptedExecutionError(JSGlobalData* globalData)
-        : JSNonFinalObject(globalData->interruptedExecutionErrorStructure)
+        : JSNonFinalObject(*globalData, globalData->interruptedExecutionErrorStructure.get())
     {
     }
 
@@ -61,7 +61,7 @@ JSObject* createInterruptedExecutionException(JSGlobalData* globalData)
 class TerminatedExecutionError : public JSNonFinalObject {
 public:
     TerminatedExecutionError(JSGlobalData* globalData)
-        : JSNonFinalObject(globalData->terminatedExecutionErrorStructure)
+        : JSNonFinalObject(*globalData, globalData->terminatedExecutionErrorStructure.get())
     {
     }
 
index 5cd02f7..fa14ad5 100644 (file)
@@ -48,10 +48,6 @@ NativeExecutable::~NativeExecutable()
 {
 }
 
-VPtrHackExecutable::~VPtrHackExecutable()
-{
-}
-
 const ClassInfo EvalExecutable::s_info = { "EvalExecutable", &ScriptExecutable::s_info, 0, 0 };
 
 EvalExecutable::EvalExecutable(ExecState* exec, const SourceCode& source, bool inStrictContext)
index 11852be..fbe33cf 100644 (file)
@@ -52,8 +52,8 @@ namespace JSC {
         static const int NUM_PARAMETERS_NOT_COMPILED = -1;
     
     public:
-        ExecutableBase(Structure* structure, int numParameters)
-            : JSCell(structure)
+        ExecutableBase(JSGlobalData& globalData, Structure* structure, int numParameters)
+            : JSCell(globalData, structure)
             , m_numParametersForCall(numParameters)
             , m_numParametersForConstruct(numParameters)
         {
@@ -65,7 +65,7 @@ namespace JSC {
             return m_numParametersForCall == NUM_PARAMETERS_IS_HOST;
         }
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info); }
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info); }
 
     protected:
         static const unsigned StructureFlags = 0;
@@ -116,12 +116,12 @@ namespace JSC {
 
         NativeFunction function() { return m_function; }
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info); }
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(LeafType, StructureFlags), AnonymousSlotCount, &s_info); }
 
     private:
 #if ENABLE(JIT)
         NativeExecutable(JSGlobalData& globalData, JITCode callThunk, NativeFunction function, JITCode constructThunk, NativeFunction constructor)
-            : ExecutableBase(globalData.nativeExecutableStructure.get(), NUM_PARAMETERS_IS_HOST)
+            : ExecutableBase(globalData, globalData.nativeExecutableStructure.get(), NUM_PARAMETERS_IS_HOST)
             , m_function(function)
             , m_constructor(constructor)
         {
@@ -132,7 +132,7 @@ namespace JSC {
         }
 #else
         NativeExecutable(JSGlobalData& globalData, NativeFunction function, NativeFunction constructor)
-            : ExecutableBase(globalData.nativeExecutableStructure.get(), NUM_PARAMETERS_IS_HOST)
+            : ExecutableBase(globalData, globalData.nativeExecutableStructure.get(), NUM_PARAMETERS_IS_HOST)
             , m_function(function)
             , m_constructor(constructor)
         {
@@ -146,20 +146,10 @@ namespace JSC {
         static const ClassInfo s_info;
     };
 
-    class VPtrHackExecutable : public ExecutableBase {
-    public:
-        VPtrHackExecutable(Structure* structure)
-            : ExecutableBase(structure, NUM_PARAMETERS_IS_HOST)
-        {
-        }
-
-        ~VPtrHackExecutable();
-    };
-
     class ScriptExecutable : public ExecutableBase {
     public:
         ScriptExecutable(Structure* structure, JSGlobalData* globalData, const SourceCode& source, bool isInStrictContext)
-            : ExecutableBase(structure, NUM_PARAMETERS_NOT_COMPILED)
+            : ExecutableBase(*globalData, structure, NUM_PARAMETERS_NOT_COMPILED)
             , m_source(source)
             , m_features(isInStrictContext ? StrictModeFeature : 0)
         {
@@ -173,7 +163,7 @@ namespace JSC {
         }
 
         ScriptExecutable(Structure* structure, ExecState* exec, const SourceCode& source, bool isInStrictContext)
-            : ExecutableBase(structure, NUM_PARAMETERS_NOT_COMPILED)
+            : ExecutableBase(exec->globalData(), structure, NUM_PARAMETERS_NOT_COMPILED)
             , m_source(source)
             , m_features(isInStrictContext ? StrictModeFeature : 0)
         {
@@ -242,7 +232,7 @@ namespace JSC {
             return generatedJITCodeForCall();
         }
 #endif
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info); }
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, 0); }
 
     private:
         static const unsigned StructureFlags = OverridesMarkChildren | ScriptExecutable::StructureFlags;
@@ -289,7 +279,7 @@ namespace JSC {
         }
 #endif
         
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info); }
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, 0); }
 
     private:
         static const unsigned StructureFlags = OverridesMarkChildren | ScriptExecutable::StructureFlags;
@@ -382,7 +372,7 @@ namespace JSC {
         void discardCode();
         void markChildren(MarkStack&);
         static FunctionExecutable* fromGlobalCode(const Identifier&, ExecState*, Debugger*, const SourceCode&, JSObject** exception);
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info); }
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, 0); }
 
     private:
         FunctionExecutable(JSGlobalData*, const Identifier& name, const SourceCode&, bool forceUsesArguments, FunctionParameters*, bool, int firstLine, int lastLine);
index a9f0a06..9e7d8d5 100644 (file)
@@ -37,7 +37,7 @@ namespace JSC {
 
 ASSERT_CLASS_FITS_IN_CELL(FunctionConstructor);
 
-FunctionConstructor::FunctionConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, FunctionPrototype* functionPrototype)
+FunctionConstructor::FunctionConstructor(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, FunctionPrototype* functionPrototype)
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, functionPrototype->classInfo()->className))
 {
     putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, functionPrototype, DontEnum | DontDelete | ReadOnly);
index 7f21b20..31a04c9 100644 (file)
@@ -29,7 +29,7 @@ namespace JSC {
 
     class FunctionConstructor : public InternalFunction {
     public:
-        FunctionConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, FunctionPrototype*);
+        FunctionConstructor(ExecState*, JSGlobalObject*, Structure*, FunctionPrototype*);
 
     private:
         virtual ConstructType getConstructData(ConstructData&);
index c2d8ad3..e2a4941 100644 (file)
@@ -37,7 +37,7 @@ static EncodedJSValue JSC_HOST_CALL functionProtoFuncToString(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionProtoFuncApply(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionProtoFuncCall(ExecState*);
 
-FunctionPrototype::FunctionPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
+FunctionPrototype::FunctionPrototype(ExecState* exec, JSGlobalObject* globalObject, Structure* structure)
     : InternalFunction(&exec->globalData(), globalObject, structure, exec->propertyNames().nullIdentifier)
 {
     putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(0), DontDelete | ReadOnly | DontEnum);
index 447f00b..ab708dd 100644 (file)
@@ -27,10 +27,10 @@ namespace JSC {
 
     class FunctionPrototype : public InternalFunction {
     public:
-        FunctionPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>);
+        FunctionPrototype(ExecState*, JSGlobalObject*, Structure*);
         void addFunctionProperties(ExecState*, JSGlobalObject*, Structure* functionStructure, JSFunction** callFunction, JSFunction** applyFunction);
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto)
         {
             return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index 0cdfec4..a222c7a 100644 (file)
@@ -38,7 +38,7 @@ namespace JSC {
         friend class JIT;
     public:
         GetterSetter(ExecState* exec)
-            : JSCell(exec->globalData().getterSetterStructure.get())
+            : JSCell(exec->globalData(), exec->globalData().getterSetterStructure.get())
         {
         }
 
@@ -48,7 +48,7 @@ namespace JSC {
         void setGetter(JSGlobalData& globalData, JSObject* getter) { m_getter.set(globalData, this, getter); }
         JSObject* setter() const { return m_setter.get(); }
         void setSetter(JSGlobalData& globalData, JSObject* setter) { m_setter.set(globalData, this, setter); }
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(GetterSetterType, OverridesMarkChildren), AnonymousSlotCount, 0);
         }
index aef60c8..27611b7 100644 (file)
@@ -59,7 +59,6 @@ static void initializeThreadingOnce()
     s_dtoaP5Mutex = new Mutex;
     initializeDates();
     RegisterFile::initializeThreading();
-    Structure::initializeThreading();
 #endif
 }
 
index 6091831..c3b07f8 100644 (file)
@@ -36,13 +36,12 @@ ASSERT_CLASS_FITS_IN_CELL(InternalFunction);
 
 const ClassInfo InternalFunction::s_info = { "Function", &JSObjectWithGlobalObject::s_info, 0, 0 };
 
-InternalFunction::InternalFunction(NonNullPassRefPtr<Structure> structure)
-    : JSObjectWithGlobalObject(structure)
+InternalFunction::InternalFunction(VPtrStealingHackType)
+    : JSObjectWithGlobalObject(VPtrStealingHack)
 {
-    ASSERT(inherits(&s_info));
 }
 
-InternalFunction::InternalFunction(JSGlobalData* globalData, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, const Identifier& name)
+InternalFunction::InternalFunction(JSGlobalData* globalData, JSGlobalObject* globalObject, Structure* structure, const Identifier& name)
     : JSObjectWithGlobalObject(globalObject, structure)
 {
     ASSERT(inherits(&s_info));
index 08c98a5..28e260e 100644 (file)
@@ -39,7 +39,7 @@ namespace JSC {
         const UString displayName(ExecState*);
         const UString calculatedDisplayName(ExecState*);
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) 
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) 
         { 
             return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info); 
         }
@@ -48,9 +48,9 @@ namespace JSC {
         static const unsigned StructureFlags = ImplementsHasInstance | JSObject::StructureFlags;
 
         // Only used to allow us to determine the JSFunction vptr
-        InternalFunction(NonNullPassRefPtr<Structure> structure);
+        InternalFunction(VPtrStealingHackType);
 
-        InternalFunction(JSGlobalData*, JSGlobalObject*, NonNullPassRefPtr<Structure>, const Identifier&);
+        InternalFunction(JSGlobalData*, JSGlobalObject*, Structure*, const Identifier&);
 
     private:
         virtual CallType getCallData(CallData&) = 0;
index 00fe0a0..0165488 100644 (file)
@@ -36,7 +36,7 @@ namespace JSC {
 
         virtual bool isAPIValueWrapper() const { return true; }
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(CompoundType, OverridesMarkChildren | OverridesGetPropertyNames), AnonymousSlotCount, 0);
         }
@@ -44,7 +44,7 @@ namespace JSC {
         
     private:
         JSAPIValueWrapper(ExecState* exec, JSValue value)
-            : JSCell(exec->globalData().apiWrapperStructure.get())
+            : JSCell(exec->globalData(), exec->globalData().apiWrapperStructure.get())
         {
             m_value.set(exec->globalData(), this, value);
             ASSERT(!value.isCell());
index 83b6a1c..4e36641 100644 (file)
@@ -40,7 +40,7 @@ ASSERT_CLASS_FITS_IN_CELL(JSActivation);
 const ClassInfo JSActivation::s_info = { "JSActivation", &Base::s_info, 0, 0 };
 
 JSActivation::JSActivation(CallFrame* callFrame, FunctionExecutable* functionExecutable)
-    : Base(callFrame->globalData().activationStructure, functionExecutable->symbolTable(), callFrame->registers())
+    : Base(callFrame->globalData(), callFrame->globalData().activationStructure.get(), functionExecutable->symbolTable(), callFrame->registers())
     , m_numParametersMinusThis(static_cast<int>(functionExecutable->parameterCount()))
     , m_numCapturedVars(functionExecutable->capturedVariableCount())
     , m_requiresDynamicChecks(functionExecutable->usesEval())
index 7463f47..65642f1 100644 (file)
@@ -66,7 +66,7 @@ namespace JSC {
         
         static const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info); }
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info); }
 
     protected:
         static const unsigned StructureFlags = OverridesGetOwnPropertySlot | NeedsThisConversion | OverridesMarkChildren | OverridesGetPropertyNames | JSVariableObject::StructureFlags;
index 1d621fe..bf61097 100644 (file)
@@ -127,26 +127,12 @@ inline void JSArray::checkConsistency(ConsistencyCheckType)
 #endif
 
 JSArray::JSArray(VPtrStealingHackType)
-    : JSNonFinalObject(Structure::create(Structure::VPtrStealingHack, &s_info))
+    : JSNonFinalObject(VPtrStealingHack)
 {
-    ASSERT(inherits(&s_info));
-
-    unsigned initialCapacity = 0;
-
-    m_storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
-    m_storage->m_allocBase = m_storage;
-    m_indexBias = 0;
-    m_vectorLength = initialCapacity;
-
-    checkConsistency();
-    
-    // It's not safe to call Heap::heap(this) in order to report extra memory
-    // cost here, because the VPtrStealingHackType JSArray is not allocated on
-    // the heap. For the same reason, it's OK not to report extra cost.
 }
 
-JSArray::JSArray(NonNullPassRefPtr<Structure> structure)
-    : JSNonFinalObject(structure)
+JSArray::JSArray(JSGlobalData& globalData, Structure* structure)
+    : JSNonFinalObject(globalData, structure)
 {
     ASSERT(inherits(&s_info));
 
@@ -162,8 +148,8 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure)
     Heap::heap(this)->reportExtraMemoryCost(storageSize(0));
 }
 
-JSArray::JSArray(NonNullPassRefPtr<Structure> structure, unsigned initialLength, ArrayCreationMode creationMode)
-    : JSNonFinalObject(structure)
+JSArray::JSArray(JSGlobalData& globalData, Structure* structure, unsigned initialLength, ArrayCreationMode creationMode)
+    : JSNonFinalObject(globalData, structure)
 {
     ASSERT(inherits(&s_info));
 
@@ -204,8 +190,8 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure, unsigned initialLength,
     Heap::heap(this)->reportExtraMemoryCost(storageSize(initialCapacity));
 }
 
-JSArray::JSArray(JSGlobalData& globalData, NonNullPassRefPtr<Structure> structure, const ArgList& list)
-    : JSNonFinalObject(structure)
+JSArray::JSArray(JSGlobalData& globalData, Structure* structure, const ArgList& list)
+    : JSNonFinalObject(globalData, structure)
 {
     ASSERT(inherits(&s_info));
 
index 1a6eba8..8be8513 100644 (file)
@@ -61,12 +61,11 @@ namespace JSC {
         friend class Walker;
 
     public:
-        enum VPtrStealingHackType { VPtrStealingHack };
         JSArray(VPtrStealingHackType);
 
-        explicit JSArray(NonNullPassRefPtr<Structure>);
-        JSArray(NonNullPassRefPtr<Structure>, unsigned initialLength, ArrayCreationMode);
-        JSArray(JSGlobalData&, NonNullPassRefPtr<Structure>, const ArgList& initialValues);
+        explicit JSArray(JSGlobalData&, Structure*);
+        JSArray(JSGlobalData&, Structure*, unsigned initialLength, ArrayCreationMode);
+        JSArray(JSGlobalData&, Structure*, const ArgList& initialValues);
         virtual ~JSArray();
 
         virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
@@ -124,7 +123,7 @@ namespace JSC {
         void fillArgList(ExecState*, MarkedArgumentBuffer&);
         void copyToRegisters(ExecState*, Register*, uint32_t);
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index fbaea1d..c2abaee 100644 (file)
@@ -35,8 +35,8 @@ namespace JSC {
 
 const ClassInfo JSByteArray::s_defaultInfo = { "ByteArray", &Base::s_info, 0, 0 };
 
-JSByteArray::JSByteArray(ExecState* exec, NonNullPassRefPtr<Structure> structure, ByteArray* storage)
-    : JSNonFinalObject(structure)
+JSByteArray::JSByteArray(ExecState* exec, Structure* structure, ByteArray* storage)
+    : JSNonFinalObject(exec->globalData(), structure)
     , m_storage(storage)
 {
     putDirect(exec->globalData(), exec->globalData().propertyNames->length, jsNumber(m_storage->length()), ReadOnly | DontDelete);
@@ -50,7 +50,7 @@ JSByteArray::~JSByteArray()
 #endif
 
 
-PassRefPtr<Structure> JSByteArray::createStructure(JSGlobalData& globalData, JSValue prototype, const JSC::ClassInfo* classInfo)
+Structure* JSByteArray::createStructure(JSGlobalData& globalData, JSValue prototype, const JSC::ClassInfo* classInfo)
 {
     return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, classInfo);
 }
index e674958..c481bb4 100644 (file)
@@ -75,8 +75,8 @@ namespace JSC {
                 setIndex(i, byteValue);
         }
 
-        JSByteArray(ExecState*, NonNullPassRefPtr<Structure>, WTF::ByteArray* storage);
-        static PassRefPtr<Structure> createStructure(JSGlobalData&, JSValue prototype, const JSC::ClassInfo* = &s_defaultInfo);
+        JSByteArray(ExecState*, Structure*, WTF::ByteArray* storage);
+        static Structure* createStructure(JSGlobalData&, JSValue prototype, const JSC::ClassInfo* = &s_defaultInfo);
 
         virtual bool getOwnPropertySlot(JSC::ExecState*, const JSC::Identifier& propertyName, JSC::PropertySlot&);
         virtual bool getOwnPropertySlot(JSC::ExecState*, unsigned propertyName, JSC::PropertySlot&);
@@ -100,9 +100,8 @@ namespace JSC {
         static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesGetPropertyNames | JSObject::StructureFlags;
 
     private:
-        enum VPtrStealingHackType { VPtrStealingHack };
         JSByteArray(VPtrStealingHackType)
-            : JSNonFinalObject(Structure::create(Structure::VPtrStealingHack, &s_info))
+            : JSNonFinalObject(VPtrStealingHack)
         {
         }
 
index ce7fe22..afd8450 100644 (file)
@@ -209,4 +209,14 @@ JSObject* JSCell::toObject(ExecState*, JSGlobalObject*) const
     return 0;
 }
 
+bool isZombie(const JSCell* cell)
+{
+#if ENABLE(JSC_ZOMBIES)
+    return cell && cell->isZombie();
+#else
+    UNUSED_PARAM(cell);
+    return false;
+#endif
+}
+
 } // namespace JSC
index cbfc113..7ee871c 100644 (file)
@@ -30,7 +30,6 @@
 #include "JSLock.h"
 #include "JSValueInlineMethods.h"
 #include "MarkStack.h"
-#include "UString.h"
 #include <wtf/Noncopyable.h>
 
 namespace JSC {
@@ -69,14 +68,19 @@ namespace JSC {
         friend class MarkedSpace;
         friend class MarkedBlock;
         friend class ScopeChainNode;
+        friend class Structure;
         friend class StructureChain;
 
+    protected:
+        enum VPtrStealingHackType { VPtrStealingHack };
+
     private:
-        explicit JSCell(Structure*);
+        explicit JSCell(VPtrStealingHackType) { }
+        JSCell(JSGlobalData&, Structure*);
         virtual ~JSCell();
 
     public:
-        static PassRefPtr<Structure> createDummyStructure(JSGlobalData&);
+        static Structure* createDummyStructure(JSGlobalData&);
 
         // Querying the type.
         bool isString() const;
@@ -142,7 +146,7 @@ namespace JSC {
             return OBJECT_OFFSETOF(JSCell, m_structure);
         }
 
-        Structure* const * addressOfStructure() const
+        const void* addressOfStructure() const
         {
             return &m_structure;
         }
@@ -155,12 +159,14 @@ namespace JSC {
         virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
         virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
         
-        Structure* m_structure;
+        WriteBarrier<Structure> m_structure;
     };
 
-    inline JSCell::JSCell(Structure* structure)
-        : m_structure(structure)
+    inline JSCell::JSCell(JSGlobalData& globalData, Structure* structure)
+        : m_structure(globalData, this, structure)
     {
+        // Very first set of allocations won't have a real structure.
+        ASSERT(m_structure || !globalData.dummyMarkableCellStructure);
     }
 
     inline JSCell::~JSCell()
@@ -169,11 +175,12 @@ namespace JSC {
 
     inline Structure* JSCell::structure() const
     {
-        return m_structure;
+        return m_structure.get();
     }
 
-    inline void JSCell::markChildren(MarkStack&)
+    inline void JSCell::markChildren(MarkStack& markStack)
     {
+        markStack.append(&m_structure);
     }
 
     // --- JSValue inlines ----------------------------
@@ -340,7 +347,7 @@ namespace JSC {
 #if ENABLE(JSC_ZOMBIES)
     inline bool JSValue::isZombie() const
     {
-        return isCell() && asCell() && asCell()->isZombie();
+        return isCell() && asCell() > (JSCell*)0x1ffffffffL && asCell()->isZombie();
     }
 #endif
 
index b8e499b..a18e973 100644 (file)
@@ -56,14 +56,12 @@ bool JSFunction::isHostFunctionNonInline() const
     return isHostFunction();
 }
 
-JSFunction::JSFunction(NonNullPassRefPtr<Structure> structure, VPtrHackExecutable* executable)
-    : Base(structure)
+JSFunction::JSFunction(VPtrStealingHackType)
+    : Base(VPtrStealingHack)
 {
-    ASSERT(inherits(&s_info));
-    m_executable.setWithoutWriteBarrier(executable);
 }
 
-JSFunction::JSFunction(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, int length, const Identifier& name, NativeExecutable* thunk)
+JSFunction::JSFunction(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, int length, const Identifier& name, NativeExecutable* thunk)
     : Base(globalObject, structure)
     , m_executable(exec->globalData(), this, thunk)
     , m_scopeChain(exec->globalData(), this, globalObject->globalScopeChain())
@@ -73,7 +71,7 @@ JSFunction::JSFunction(ExecState* exec, JSGlobalObject* globalObject, NonNullPas
     putDirect(exec->globalData(), exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
 }
 
-JSFunction::JSFunction(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, int length, const Identifier& name, NativeFunction func)
+JSFunction::JSFunction(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, int length, const Identifier& name, NativeFunction func)
     : Base(globalObject, structure)
     , m_scopeChain(exec->globalData(), this, globalObject->globalScopeChain())
 {
index 505b9de..174cd38 100644 (file)
@@ -45,8 +45,8 @@ namespace JSC {
         typedef JSObjectWithGlobalObject Base;
 
     public:
-        JSFunction(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, int length, const Identifier&, NativeFunction);
-        JSFunction(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, int length, const Identifier&, NativeExecutable*);
+        JSFunction(ExecState*, JSGlobalObject*, Structure*, int length, const Identifier&, NativeFunction);
+        JSFunction(ExecState*, JSGlobalObject*, Structure*, int length, const Identifier&, NativeExecutable*);
         JSFunction(ExecState*, FunctionExecutable*, ScopeChainNode*);
         virtual ~JSFunction();
 
@@ -73,7 +73,7 @@ namespace JSC {
 
         static JS_EXPORTDATA const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype) 
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype) 
         { 
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info); 
         }
@@ -87,7 +87,7 @@ namespace JSC {
         const static unsigned StructureFlags = OverridesGetOwnPropertySlot | ImplementsHasInstance | OverridesMarkChildren | OverridesGetPropertyNames | JSObject::StructureFlags;
 
     private:
-        JSFunction(NonNullPassRefPtr<Structure>, VPtrHackExecutable*);
+        explicit JSFunction(VPtrStealingHackType);
 
         bool isHostFunctionNonInline() const;
 
index 6290ff8..d9e5df0 100644 (file)
@@ -45,6 +45,7 @@
 #include "JSNotAnObject.h"
 #include "JSPropertyNameIterator.h"
 #include "JSStaticScopeObject.h"
+#include "JSZombie.h"
 #include "Lexer.h"
 #include "Lookup.h"
 #include "Nodes.h"
@@ -106,6 +107,15 @@ void* JSGlobalData::jsByteArrayVPtr;
 void* JSGlobalData::jsStringVPtr;
 void* JSGlobalData::jsFunctionVPtr;
 
+#if COMPILER(GCC)
+// Work around for gcc trying to coalesce our reads of the various cell vptrs
+#define CLOBBER_MEMORY() do { \
+    asm volatile ("" : : : "memory"); \
+} while (false)
+#else
+#define CLOBBER_MEMORY() do { } while (false)
+#endif
+
 void JSGlobalData::storeVPtrs()
 {
     // Enough storage to fit a JSArray, JSByteArray, JSString, or JSFunction.
@@ -114,27 +124,23 @@ void JSGlobalData::storeVPtrs()
 
     COMPILE_ASSERT(sizeof(JSArray) <= sizeof(storage), sizeof_JSArray_must_be_less_than_storage);
     JSCell* jsArray = new (storage) JSArray(JSArray::VPtrStealingHack);
+    CLOBBER_MEMORY();
     JSGlobalData::jsArrayVPtr = jsArray->vptr();
-    jsArray->~JSCell();
 
     COMPILE_ASSERT(sizeof(JSByteArray) <= sizeof(storage), sizeof_JSByteArray_must_be_less_than_storage);
     JSCell* jsByteArray = new (storage) JSByteArray(JSByteArray::VPtrStealingHack);
+    CLOBBER_MEMORY();
     JSGlobalData::jsByteArrayVPtr = jsByteArray->vptr();
-    jsByteArray->~JSCell();
 
     COMPILE_ASSERT(sizeof(JSString) <= sizeof(storage), sizeof_JSString_must_be_less_than_storage);
     JSCell* jsString = new (storage) JSString(JSString::VPtrStealingHack);
+    CLOBBER_MEMORY();
     JSGlobalData::jsStringVPtr = jsString->vptr();
-    jsString->~JSCell();
 
     COMPILE_ASSERT(sizeof(JSFunction) <= sizeof(storage), sizeof_JSFunction_must_be_less_than_storage);
-    char executableStorage[sizeof(VPtrHackExecutable)];
-    RefPtr<Structure> executableStructure = Structure::create(Structure::VPtrStealingHack, 0);
-    JSCell* executable = new (executableStorage) VPtrHackExecutable(executableStructure.get());
-    JSCell* jsFunction = new (storage) JSFunction(Structure::create(Structure::VPtrStealingHack, &JSFunction::s_info), static_cast<VPtrHackExecutable*>(executable));
+    JSCell* jsFunction = new (storage) JSFunction(JSCell::VPtrStealingHack);
+    CLOBBER_MEMORY();
     JSGlobalData::jsFunctionVPtr = jsFunction->vptr();
-    executable->~JSCell();
-    jsFunction->~JSCell();
 }
 
 JSGlobalData::JSGlobalData(GlobalDataType globalDataType, ThreadStackType threadStackType)
@@ -168,29 +174,39 @@ JSGlobalData::JSGlobalData(GlobalDataType globalDataType, ThreadStackType thread
     , exclusiveThread(0)
 #endif
 {
-    activationStructure = JSActivation::createStructure(*this, jsNull());
-    interruptedExecutionErrorStructure = JSNonFinalObject::createStructure(*this, jsNull());
-    terminatedExecutionErrorStructure = JSNonFinalObject::createStructure(*this, jsNull());
-    staticScopeStructure = JSStaticScopeObject::createStructure(*this, jsNull());
-    strictEvalActivationStructure = StrictEvalActivation::createStructure(*this, jsNull());
-    stringStructure = JSString::createStructure(*this, jsNull());
-    notAnObjectStructure = JSNotAnObject::createStructure(*this, jsNull());
-    propertyNameIteratorStructure = JSPropertyNameIterator::createStructure(*this, jsNull());
-    getterSetterStructure = GetterSetter::createStructure(*this, jsNull());
-    apiWrapperStructure = JSAPIValueWrapper::createStructure(*this, jsNull());
-    scopeChainNodeStructure = ScopeChainNode::createStructure(*this, jsNull());
-    executableStructure = ExecutableBase::createStructure(*this, jsNull());
-    nativeExecutableStructure = NativeExecutable::createStructure(*this, jsNull());
-    evalExecutableStructure = EvalExecutable::createStructure(*this, jsNull());
-    programExecutableStructure = ProgramExecutable::createStructure(*this, jsNull());
-    functionExecutableStructure = FunctionExecutable::createStructure(*this, jsNull());
-    dummyMarkableCellStructure = JSCell::createDummyStructure(*this);
-    structureChainStructure = StructureChain::createStructure(*this, jsNull());
-
     interpreter = new Interpreter(*this);
     if (globalDataType == Default)
         m_stack = wtfThreadData().stack();
 
+    // Need to be careful to keep everything consistent here
+    IdentifierTable* existingEntryIdentifierTable = wtfThreadData().setCurrentIdentifierTable(identifierTable);
+    JSLock lock(SilenceAssertionsOnly);
+    structureStructure.set(*this, Structure::createStructure(*this));
+    activationStructure.set(*this, JSActivation::createStructure(*this, jsNull()));
+    interruptedExecutionErrorStructure.set(*this, JSNonFinalObject::createStructure(*this, jsNull()));
+    terminatedExecutionErrorStructure.set(*this, JSNonFinalObject::createStructure(*this, jsNull()));
+    staticScopeStructure.set(*this, JSStaticScopeObject::createStructure(*this, jsNull()));
+    strictEvalActivationStructure.set(*this, StrictEvalActivation::createStructure(*this, jsNull()));
+    stringStructure.set(*this, JSString::createStructure(*this, jsNull()));
+    notAnObjectStructure.set(*this, JSNotAnObject::createStructure(*this, jsNull()));
+    propertyNameIteratorStructure.set(*this, JSPropertyNameIterator::createStructure(*this, jsNull()));
+    getterSetterStructure.set(*this, GetterSetter::createStructure(*this, jsNull()));
+    apiWrapperStructure.set(*this, JSAPIValueWrapper::createStructure(*this, jsNull()));
+    scopeChainNodeStructure.set(*this, ScopeChainNode::createStructure(*this, jsNull()));
+    executableStructure.set(*this, ExecutableBase::createStructure(*this, jsNull()));
+    nativeExecutableStructure.set(*this, NativeExecutable::createStructure(*this, jsNull()));
+    evalExecutableStructure.set(*this, EvalExecutable::createStructure(*this, jsNull()));
+    programExecutableStructure.set(*this, ProgramExecutable::createStructure(*this, jsNull()));
+    functionExecutableStructure.set(*this, FunctionExecutable::createStructure(*this, jsNull()));
+    dummyMarkableCellStructure.set(*this, JSCell::createDummyStructure(*this));
+    structureChainStructure.set(*this, StructureChain::createStructure(*this, jsNull()));
+
+#if ENABLE(JSC_ZOMBIES)
+    zombieStructure.set(*this, JSZombie::createStructure(*this, jsNull()));
+#endif
+
+    wtfThreadData().setCurrentIdentifierTable(existingEntryIdentifierTable);
+
 #if PLATFORM(MAC)
     startProfilerServerIfNeeded();
 #endif
@@ -222,6 +238,33 @@ JSGlobalData::JSGlobalData(GlobalDataType globalDataType, ThreadStackType thread
 #endif
 }
 
+void JSGlobalData::clearBuiltinStructures()
+{
+    structureStructure.clear();
+    activationStructure.clear();
+    interruptedExecutionErrorStructure.clear();
+    terminatedExecutionErrorStructure.clear();
+    staticScopeStructure.clear();
+    strictEvalActivationStructure.clear();
+    stringStructure.clear();
+    notAnObjectStructure.clear();
+    propertyNameIteratorStructure.clear();
+    getterSetterStructure.clear();
+    apiWrapperStructure.clear();
+    scopeChainNodeStructure.clear();
+    executableStructure.clear();
+    nativeExecutableStructure.clear();
+    evalExecutableStructure.clear();
+    programExecutableStructure.clear();
+    functionExecutableStructure.clear();
+    dummyMarkableCellStructure.clear();
+    structureChainStructure.clear();
+    
+#if ENABLE(JSC_ZOMBIES)
+    zombieStructure.clear();
+#endif
+}
+
 JSGlobalData::~JSGlobalData()
 {
     // By the time this is destroyed, heap.destroy() must already have been called.
@@ -282,10 +325,7 @@ PassRefPtr<JSGlobalData> JSGlobalData::create(ThreadStackType type)
 
 PassRefPtr<JSGlobalData> JSGlobalData::createLeaked(ThreadStackType type)
 {
-    Structure::startIgnoringLeaks();
-    RefPtr<JSGlobalData> data = create(type);
-    Structure::stopIgnoringLeaks();
-    return data.release();
+    return create(type);
 }
 
 bool JSGlobalData::sharedInstanceExists()
index 0c37cda..f1085af 100644 (file)
@@ -33,6 +33,7 @@
 #include "Heap.h"
 #include "DateInstanceCache.h"
 #include "ExecutableAllocator.h"
+#include "Strong.h"
 #include "JITStubs.h"
 #include "JSValue.h"
 #include "NumericStrings.h"
@@ -145,24 +146,29 @@ namespace JSC {
         const HashTable* regExpConstructorTable;
         const HashTable* stringTable;
         
-        RefPtr<Structure> activationStructure;
-        RefPtr<Structure> interruptedExecutionErrorStructure;
-        RefPtr<Structure> terminatedExecutionErrorStructure;
-        RefPtr<Structure> staticScopeStructure;
-        RefPtr<Structure> strictEvalActivationStructure;
-        RefPtr<Structure> stringStructure;
-        RefPtr<Structure> notAnObjectStructure;
-        RefPtr<Structure> propertyNameIteratorStructure;
-        RefPtr<Structure> getterSetterStructure;
-        RefPtr<Structure> apiWrapperStructure;
-        RefPtr<Structure> scopeChainNodeStructure;
-        RefPtr<Structure> executableStructure;
-        RefPtr<Structure> nativeExecutableStructure;
-        RefPtr<Structure> evalExecutableStructure;
-        RefPtr<Structure> programExecutableStructure;
-        RefPtr<Structure> functionExecutableStructure;
-        RefPtr<Structure> dummyMarkableCellStructure;
-        RefPtr<Structure> structureChainStructure;
+        Strong<Structure> structureStructure;
+        Strong<Structure> activationStructure;
+        Strong<Structure> interruptedExecutionErrorStructure;
+        Strong<Structure> terminatedExecutionErrorStructure;
+        Strong<Structure> staticScopeStructure;
+        Strong<Structure> strictEvalActivationStructure;
+        Strong<Structure> stringStructure;
+        Strong<Structure> notAnObjectStructure;
+        Strong<Structure> propertyNameIteratorStructure;
+        Strong<Structure> getterSetterStructure;
+        Strong<Structure> apiWrapperStructure;
+        Strong<Structure> scopeChainNodeStructure;
+        Strong<Structure> executableStructure;
+        Strong<Structure> nativeExecutableStructure;
+        Strong<Structure> evalExecutableStructure;
+        Strong<Structure> programExecutableStructure;
+        Strong<Structure> functionExecutableStructure;
+        Strong<Structure> dummyMarkableCellStructure;
+        Strong<Structure> structureChainStructure;
+
+#if ENABLE(JSC_ZOMBIES)
+        Strong<Structure> zombieStructure;
+#endif
 
         static void storeVPtrs();
         static JS_EXPORTDATA void* jsArrayVPtr;
@@ -261,6 +267,7 @@ namespace JSC {
         void dumpRegExpTrace();
         HandleSlot allocateGlobalHandle() { return heap.allocateGlobalHandle(); }
         HandleSlot allocateLocalHandle() { return heap.allocateLocalHandle(); }
+        void clearBuiltinStructures();
 
     private:
         JSGlobalData(GlobalDataType, ThreadStackType);
@@ -272,6 +279,11 @@ namespace JSC {
         StackBounds m_stack;
     };
 
+    inline HandleSlot allocateGlobalHandle(JSGlobalData& globalData)
+    {
+        return globalData.allocateGlobalHandle();
+    }
+
 } // namespace JSC
 
 #endif // JSGlobalData_h
index 84c85ae..b82949a 100644 (file)
@@ -84,12 +84,6 @@ template <typename T> static inline void markIfNeeded(MarkStack& markStack, Writ
         markStack.append(v);
 }
 
-static inline void markIfNeeded(MarkStack& markStack, const RefPtr<Structure>& s)
-{
-    if (s)
-        s->markAggregate(markStack);
-}
-
 JSGlobalObject::~JSGlobalObject()
 {
     ASSERT(JSLock::currentThreadIsHoldingLock());
@@ -176,46 +170,46 @@ void JSGlobalObject::reset(JSValue prototype)
     // Prototypes
 
     m_functionPrototype.set(exec->globalData(), this, new (exec) FunctionPrototype(exec, this, FunctionPrototype::createStructure(exec->globalData(), jsNull()))); // The real prototype will be set once ObjectPrototype is created.
-    m_functionStructure = JSFunction::createStructure(exec->globalData(), m_functionPrototype.get());
-    m_internalFunctionStructure = InternalFunction::createStructure(exec->globalData(), m_functionPrototype.get());
+    m_functionStructure.set(exec->globalData(), this, JSFunction::createStructure(exec->globalData(), m_functionPrototype.get()));
+    m_internalFunctionStructure.set(exec->globalData(), this, InternalFunction::createStructure(exec->globalData(), m_functionPrototype.get()));
     JSFunction* callFunction = 0;
     JSFunction* applyFunction = 0;
     m_functionPrototype->addFunctionProperties(exec, this, m_functionStructure.get(), &callFunction, &applyFunction);
     m_callFunction.set(exec->globalData(), this, callFunction);
     m_applyFunction.set(exec->globalData(), this, applyFunction);
     m_objectPrototype.set(exec->globalData(), this, new (exec) ObjectPrototype(exec, this, ObjectPrototype::createStructure(exec->globalData(), jsNull()), m_functionStructure.get()));
-    m_functionPrototype->structure()->setPrototypeWithoutTransition(m_objectPrototype.get());
+    m_functionPrototype->structure()->setPrototypeWithoutTransition(exec->globalData(), m_objectPrototype.get());
 
-    m_emptyObjectStructure = m_objectPrototype->inheritorID(exec->globalData());
+    m_emptyObjectStructure.set(exec->globalData(), this, m_objectPrototype->inheritorID(exec->globalData()));
 
-    m_callbackFunctionStructure = JSCallbackFunction::createStructure(exec->globalData(), m_functionPrototype.get());
-    m_argumentsStructure = Arguments::createStructure(exec->globalData(), m_objectPrototype.get());
-    m_callbackConstructorStructure = JSCallbackConstructor::createStructure(exec->globalData(), m_objectPrototype.get());
-    m_callbackObjectStructure = JSCallbackObject<JSObjectWithGlobalObject>::createStructure(exec->globalData(), m_objectPrototype.get());
+    m_callbackFunctionStructure.set(exec->globalData(), this, JSCallbackFunction::createStructure(exec->globalData(), m_functionPrototype.get()));
+    m_argumentsStructure.set(exec->globalData(), this, Arguments::createStructure(exec->globalData(), m_objectPrototype.get()));
+    m_callbackConstructorStructure.set(exec->globalData(), this, JSCallbackConstructor::createStructure(exec->globalData(), m_objectPrototype.get()));
+    m_callbackObjectStructure.set(exec->globalData(), this, JSCallbackObject<JSObjectWithGlobalObject>::createStructure(exec->globalData(), m_objectPrototype.get()));
 
     m_arrayPrototype.set(exec->globalData(), this, new (exec) ArrayPrototype(this, ArrayPrototype::createStructure(exec->globalData(), m_objectPrototype.get())));
-    m_arrayStructure = JSArray::createStructure(exec->globalData(), m_arrayPrototype.get());
-    m_regExpMatchesArrayStructure = RegExpMatchesArray::createStructure(exec->globalData(), m_arrayPrototype.get());
+    m_arrayStructure.set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), m_arrayPrototype.get()));
+    m_regExpMatchesArrayStructure.set(exec->globalData(), this, RegExpMatchesArray::createStructure(exec->globalData(), m_arrayPrototype.get()));
 
     m_stringPrototype.set(exec->globalData(), this, new (exec) StringPrototype(exec, this, StringPrototype::createStructure(exec->globalData(), m_objectPrototype.get())));
-    m_stringObjectStructure = StringObject::createStructure(exec->globalData(), m_stringPrototype.get());
+    m_stringObjectStructure.set(exec->globalData(), this, StringObject::createStructure(exec->globalData(), m_stringPrototype.get()));
 
     m_booleanPrototype.set(exec->globalData(), this, new (exec) BooleanPrototype(exec, this, BooleanPrototype::createStructure(exec->globalData(), m_objectPrototype.get()), m_functionStructure.get()));
-    m_booleanObjectStructure = BooleanObject::createStructure(exec->globalData(), m_booleanPrototype.get());
+    m_booleanObjectStructure.set(exec->globalData(), this, BooleanObject::createStructure(exec->globalData(), m_booleanPrototype.get()));
 
     m_numberPrototype.set(exec->globalData(), this, new (exec) NumberPrototype(exec, this, NumberPrototype::createStructure(exec->globalData(), m_objectPrototype.get()), m_functionStructure.get()));
-    m_numberObjectStructure = NumberObject::createStructure(exec->globalData(), m_numberPrototype.get());
+    m_numberObjectStructure.set(exec->globalData(), this, NumberObject::createStructure(exec->globalData(), m_numberPrototype.get()));
 
     m_datePrototype.set(exec->globalData(), this, new (exec) DatePrototype(exec, this, DatePrototype::createStructure(exec->globalData(), m_objectPrototype.get())));
-    m_dateStructure = DateInstance::createStructure(exec->globalData(), m_datePrototype.get());
+    m_dateStructure.set(exec->globalData(), this, DateInstance::createStructure(exec->globalData(), m_datePrototype.get()));
 
     m_regExpPrototype.set(exec->globalData(), this, new (exec) RegExpPrototype(exec, this, RegExpPrototype::createStructure(exec->globalData(), m_objectPrototype.get()), m_functionStructure.get()));
-    m_regExpStructure = RegExpObject::createStructure(exec->globalData(), m_regExpPrototype.get());
+    m_regExpStructure.set(exec->globalData(), this, RegExpObject::createStructure(exec->globalData(), m_regExpPrototype.get()));
 
     m_methodCallDummy.set(exec->globalData(), this, constructEmptyObject(exec));
 
     ErrorPrototype* errorPrototype = new (exec) ErrorPrototype(exec, this, ErrorPrototype::createStructure(exec->globalData(), m_objectPrototype.get()), m_functionStructure.get());
-    m_errorStructure = ErrorInstance::createStructure(exec->globalData(), errorPrototype);
+    m_errorStructure.set(exec->globalData(), this, ErrorInstance::createStructure(exec->globalData(), errorPrototype));
 
     // Constructors
 
@@ -231,8 +225,8 @@ void JSGlobalObject::reset(JSValue prototype)
 
     m_errorConstructor.set(exec->globalData(), this, new (exec) ErrorConstructor(exec, this, ErrorConstructor::createStructure(exec->globalData(), m_functionPrototype.get()), errorPrototype));
 
-    RefPtr<Structure> nativeErrorPrototypeStructure = NativeErrorPrototype::createStructure(exec->globalData(), errorPrototype);
-    RefPtr<Structure> nativeErrorStructure = NativeErrorConstructor::createStructure(exec->globalData(), m_functionPrototype.get());
+    Structure* nativeErrorPrototypeStructure = NativeErrorPrototype::createStructure(exec->globalData(), errorPrototype);
+    Structure* nativeErrorStructure = NativeErrorConstructor::createStructure(exec->globalData(), m_functionPrototype.get());
     m_evalErrorConstructor.set(exec->globalData(), this, new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "EvalError"));
     m_rangeErrorConstructor.set(exec->globalData(), this, new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "RangeError"));
     m_referenceErrorConstructor.set(exec->globalData(), this, new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "ReferenceError"));
@@ -342,21 +336,21 @@ void JSGlobalObject::markChildren(MarkStack& markStack)
     markIfNeeded(markStack, &m_datePrototype);
     markIfNeeded(markStack, &m_regExpPrototype);
 
-    markIfNeeded(markStack, m_argumentsStructure);
-    markIfNeeded(markStack, m_arrayStructure);
-    markIfNeeded(markStack, m_booleanObjectStructure);
-    markIfNeeded(markStack, m_callbackConstructorStructure);
-    markIfNeeded(markStack, m_callbackFunctionStructure);
-    markIfNeeded(markStack, m_callbackObjectStructure);
-    markIfNeeded(markStack, m_dateStructure);
-    markIfNeeded(markStack, m_emptyObjectStructure);
-    markIfNeeded(markStack, m_errorStructure);
-    markIfNeeded(markStack, m_functionStructure);
-    markIfNeeded(markStack, m_numberObjectStructure);
-    markIfNeeded(markStack, m_regExpMatchesArrayStructure);
-    markIfNeeded(markStack, m_regExpStructure);
-    markIfNeeded(markStack, m_stringObjectStructure);
-    markIfNeeded(markStack, m_internalFunctionStructure);
+    markIfNeeded(markStack, &m_argumentsStructure);
+    markIfNeeded(markStack, &m_arrayStructure);
+    markIfNeeded(markStack, &m_booleanObjectStructure);
+    markIfNeeded(markStack, &m_callbackConstructorStructure);
+    markIfNeeded(markStack, &m_callbackFunctionStructure);
+    markIfNeeded(markStack, &m_callbackObjectStructure);
+    markIfNeeded(markStack, &m_dateStructure);
+    markIfNeeded(markStack, &m_emptyObjectStructure);
+    markIfNeeded(markStack, &m_errorStructure);
+    markIfNeeded(markStack, &m_functionStructure);
+    markIfNeeded(markStack, &m_numberObjectStructure);
+    markIfNeeded(markStack, &m_regExpMatchesArrayStructure);
+    markIfNeeded(markStack, &m_regExpStructure);
+    markIfNeeded(markStack, &m_stringObjectStructure);
+    markIfNeeded(markStack, &m_internalFunctionStructure);
 
     if (m_registerArray) {
         // Outside the execution of global code, when our variables are torn off,
@@ -391,7 +385,7 @@ void JSGlobalObject::copyGlobalsFrom(RegisterFile& registerFile)
         return;
     }
 
-    OwnArrayPtr<WriteBarrier<Unknown> > registerArray = copyRegisterArray(globalData(), reinterpret_cast<WriteBarrier<Unknown>*>(registerFile.lastGlobal()), numGlobals);
+    OwnArrayPtr<WriteBarrier<Unknown> > registerArray = copyRegisterArray(globalData(), reinterpret_cast<WriteBarrier<Unknown>*>(registerFile.lastGlobal()), numGlobals, numGlobals);
     WriteBarrier<Unknown>* registers = registerArray.get() + numGlobals;
     setRegisters(registers, registerArray.release(), numGlobals);
 }
index 300f4b0..0e36920 100644 (file)
@@ -87,21 +87,21 @@ namespace JSC {
         WriteBarrier<DatePrototype> m_datePrototype;
         WriteBarrier<RegExpPrototype> m_regExpPrototype;
 
-        RefPtr<Structure> m_argumentsStructure;
-        RefPtr<Structure> m_arrayStructure;
-        RefPtr<Structure> m_booleanObjectStructure;
-        RefPtr<Structure> m_callbackConstructorStructure;
-        RefPtr<Structure> m_callbackFunctionStructure;
-        RefPtr<Structure> m_callbackObjectStructure;
-        RefPtr<Structure> m_dateStructure;
-        RefPtr<Structure> m_emptyObjectStructure;
-        RefPtr<Structure> m_errorStructure;
-        RefPtr<Structure> m_functionStructure;
-        RefPtr<Structure> m_numberObjectStructure;
-        RefPtr<Structure> m_regExpMatchesArrayStructure;
-        RefPtr<Structure> m_regExpStructure;
-        RefPtr<Structure> m_stringObjectStructure;
-        RefPtr<Structure> m_internalFunctionStructure;
+        WriteBarrier<Structure> m_argumentsStructure;
+        WriteBarrier<Structure> m_arrayStructure;
+        WriteBarrier<Structure> m_booleanObjectStructure;
+        WriteBarrier<Structure> m_callbackConstructorStructure;
+        WriteBarrier<Structure> m_callbackFunctionStructure;
+        WriteBarrier<Structure> m_callbackObjectStructure;
+        WriteBarrier<Structure> m_dateStructure;
+        WriteBarrier<Structure> m_emptyObjectStructure;
+        WriteBarrier<Structure> m_errorStructure;
+        WriteBarrier<Structure> m_functionStructure;
+        WriteBarrier<Structure> m_numberObjectStructure;
+        WriteBarrier<Structure> m_regExpMatchesArrayStructure;
+        WriteBarrier<Structure> m_regExpStructure;
+        WriteBarrier<Structure> m_stringObjectStructure;
+        WriteBarrier<Structure> m_internalFunctionStructure;
 
         unsigned m_profileGroup;
         Debugger* m_debugger;
@@ -115,7 +115,7 @@ namespace JSC {
         void* operator new(size_t, JSGlobalData*);
         
         explicit JSGlobalObject(JSGlobalData& globalData)
-            : JSVariableObject(JSGlobalObject::createStructure(globalData, jsNull()), &m_symbolTable, 0)
+            : JSVariableObject(globalData, JSGlobalObject::createStructure(globalData, jsNull()), &m_symbolTable, 0)
             , m_registerArraySize(0)
             , m_globalScopeChain()
             , m_weakRandom(static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
@@ -125,8 +125,8 @@ namespace JSC {
             init(this);
         }
         
-        explicit JSGlobalObject(NonNullPassRefPtr<Structure> structure)
-            : JSVariableObject(structure, &m_symbolTable, 0)
+        explicit JSGlobalObject(JSGlobalData& globalData, Structure* structure)
+            : JSVariableObject(globalData, structure, &m_symbolTable, 0)
             , m_registerArraySize(0)
             , m_globalScopeChain()
             , m_weakRandom(static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
@@ -137,8 +137,8 @@ namespace JSC {
         }
 
     protected:
-        JSGlobalObject(NonNullPassRefPtr<Structure> structure, JSObject* thisValue)
-            : JSVariableObject(structure, &m_symbolTable, 0)
+        JSGlobalObject(JSGlobalData& globalData, Structure* structure, JSObject* thisValue)
+            : JSVariableObject(globalData, structure, &m_symbolTable, 0)
             , m_registerArraySize(0)
             , m_globalScopeChain()
             , m_weakRandom(static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
@@ -239,7 +239,7 @@ namespace JSC {
 
         JSGlobalData& globalData() const { return *m_globalData.get(); }
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
@@ -363,7 +363,7 @@ namespace JSC {
         // We cache our prototype chain so our clients can share it.
         if (!isValid(exec, m_cachedPrototypeChain.get())) {
             JSValue prototype = prototypeForLookup(exec);
-            m_cachedPrototypeChain.set(exec->globalData(), StructureChain::create(exec->globalData(), prototype.isNull() ? 0 : asObject(prototype)->structure()), 0);
+            m_cachedPrototypeChain.set(exec->globalData(), this, StructureChain::create(exec->globalData(), prototype.isNull() ? 0 : asObject(prototype)->structure()));
         }
         return m_cachedPrototypeChain.get();
     }
@@ -374,9 +374,9 @@ namespace JSC {
             return false;
 
         JSValue prototype = prototypeForLookup(exec);
-        RefPtr<Structure>* cachedStructure = cachedPrototypeChain->head();
+        WriteBarrier<Structure>* cachedStructure = cachedPrototypeChain->head();
         while(*cachedStructure && !prototype.isNull()) {
-            if (asObject(prototype)->structure() != *cachedStructure)
+            if (asObject(prototype)->structure() != cachedStructure->get())
                 return false;
             ++cachedStructure;
             prototype = asObject(prototype)->prototype();
@@ -407,17 +407,17 @@ namespace JSC {
     
     inline JSArray* constructEmptyArray(ExecState* exec)
     {
-        return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure());
+        return new (exec) JSArray(exec->globalData(), exec->lexicalGlobalObject()->arrayStructure());
     }
     
     inline JSArray* constructEmptyArray(ExecState* exec, JSGlobalObject* globalObject)
     {
-        return new (exec) JSArray(globalObject->arrayStructure());
+        return new (exec) JSArray(exec->globalData(), globalObject->arrayStructure());
     }
 
     inline JSArray* constructEmptyArray(ExecState* exec, unsigned initialLength)
     {
-        return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), initialLength, CreateInitialized);
+        return new (exec) JSArray(exec->globalData(), exec->lexicalGlobalObject()->arrayStructure(), initialLength, CreateInitialized);
     }
 
     inline JSArray* constructArray(ExecState* exec, JSValue singleItemValue)
index 75bca18..4c6806a 100644 (file)
@@ -39,11 +39,11 @@ namespace JSC {
     class JSNotAnObject : public JSNonFinalObject {
     public:
         JSNotAnObject(ExecState* exec)
-            : JSNonFinalObject(exec->globalData().notAnObjectStructure)
+            : JSNonFinalObject(exec->globalData(), exec->globalData().notAnObjectStructure.get())
         {
         }
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index 8fc7ac9..27fc569 100644 (file)
@@ -53,7 +53,7 @@ static EncodedJSValue JSC_HOST_CALL JSONProtoFuncStringify(ExecState*);
 
 namespace JSC {
 
-JSONObject::JSONObject(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
+JSONObject::JSONObject(JSGlobalObject* globalObject, Structure* structure)
     : JSObjectWithGlobalObject(globalObject, structure)
 {
     ASSERT(inherits(&s_info));
index a52c543..c87c641 100644 (file)
@@ -34,9 +34,9 @@ namespace JSC {
 
     class JSONObject : public JSObjectWithGlobalObject {
     public:
-        JSONObject(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure);
+        JSONObject(JSGlobalObject*, Structure*);
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index ab472d4..9677f23 100644 (file)
@@ -328,10 +328,8 @@ void JSObject::defineGetter(ExecState* exec, const Identifier& propertyName, JSO
     // getters and setters, though, we also need to change our Structure
     // if we override an existing non-getter or non-setter.
     if (slot.type() != PutPropertySlot::NewProperty) {
-        if (!m_structure->isDictionary()) {
-            RefPtr<Structure> structure = Structure::getterSetterTransition(globalData, m_structure);
-            setStructure(structure.release());
-        }
+        if (!m_structure->isDictionary())
+            setStructure(exec->globalData(), Structure::getterSetterTransition(globalData, m_structure.get()));
     }
 
     m_structure->setHasGetterSetterProperties(true);
@@ -355,10 +353,8 @@ void JSObject::defineSetter(ExecState* exec, const Identifier& propertyName, JSO
     // getters and setters, though, we also need to change our Structure
     // if we override an existing non-getter or non-setter.
     if (slot.type() != PutPropertySlot::NewProperty) {
-        if (!m_structure->isDictionary()) {
-            RefPtr<Structure> structure = Structure::getterSetterTransition(exec->globalData(), m_structure);
-            setStructure(structure.release());
-        }
+        if (!m_structure->isDictionary())
+            setStructure(exec->globalData(), Structure::getterSetterTransition(exec->globalData(), m_structure.get()));
     }
 
     m_structure->setHasGetterSetterProperties(true);
@@ -512,18 +508,18 @@ JSObject* JSObject::unwrappedObject()
 
 void JSObject::seal(JSGlobalData& globalData)
 {
-    setStructure(Structure::sealTransition(globalData, m_structure));
+    setStructure(globalData, Structure::sealTransition(globalData, m_structure.get()));
 }
 
 void JSObject::freeze(JSGlobalData& globalData)
 {
-    setStructure(Structure::freezeTransition(globalData, m_structure));
+    setStructure(globalData, Structure::freezeTransition(globalData, m_structure.get()));
 }
 
 void JSObject::preventExtensions(JSGlobalData& globalData)
 {
     if (isExtensible())
-        setStructure(Structure::preventExtensionsTransition(globalData, m_structure));
+        setStructure(globalData, Structure::preventExtensionsTransition(globalData, m_structure.get()));
 }
 
 void JSObject::removeDirect(JSGlobalData& globalData, const Identifier& propertyName)
@@ -536,8 +532,7 @@ void JSObject::removeDirect(JSGlobalData& globalData, const Identifier& property
         return;
     }
 
-    RefPtr<Structure> structure = Structure::removePropertyTransition(globalData, m_structure, propertyName, offset);
-    setStructure(structure.release());
+    setStructure(globalData, Structure::removePropertyTransition(globalData, m_structure.get(), propertyName, offset));
     if (offset != WTF::notFound)
         putUndefinedAtDirectOffset(offset);
 }
@@ -575,7 +570,8 @@ NEVER_INLINE void JSObject::fillGetterPropertySlot(PropertySlot& slot, WriteBarr
 
 Structure* JSObject::createInheritorID(JSGlobalData& globalData)
 {
-    m_inheritorID = createEmptyObjectStructure(globalData, this);
+    m_inheritorID.set(globalData, this, createEmptyObjectStructure(globalData, this));
+    ASSERT(m_inheritorID->isEmpty());
     return m_inheritorID.get();
 }
 
index b53aefc..80735f8 100644 (file)
@@ -90,7 +90,7 @@ namespace JSC {
         void setPrototype(JSGlobalData&, JSValue prototype);
         bool setPrototypeWithCycleCheck(JSGlobalData&, JSValue prototype);
         
-        void setStructure(NonNullPassRefPtr<Structure>);
+        void setStructure(JSGlobalData&, Structure*);
         Structure* inheritorID(JSGlobalData&);
 
         virtual UString className() const;
@@ -170,7 +170,7 @@ namespace JSC {
             return location - propertyStorage();
         }
 
-        void transitionTo(Structure*);
+        void transitionTo(JSGlobalData&, Structure*);
 
         void removeDirect(JSGlobalData&, const Identifier& propertyName);
         bool hasCustomProperties() { return !m_structure->isEmpty(); }
@@ -249,7 +249,7 @@ namespace JSC {
         static JS_EXPORTDATA const ClassInfo s_info;
 
     protected:
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
@@ -263,7 +263,12 @@ namespace JSC {
 
         // To instantiate objects you likely want JSFinalObject, below.
         // To create derived types you likely want JSNonFinalObject, below.
-        JSObject(NonNullPassRefPtr<Structure>, PropertyStorage inlineStorage);
+        JSObject(JSGlobalData&, Structure*, PropertyStorage inlineStorage);
+        JSObject(VPtrStealingHackType, PropertyStorage inlineStorage)
+            : JSCell(VPtrStealingHack)
+            , m_propertyStorage(inlineStorage)
+        {
+        }
 
     private:
         // Nobody should ever ask any of these questions on something already known to be a JSObject.
@@ -298,7 +303,7 @@ namespace JSC {
         Structure* createInheritorID(JSGlobalData&);
 
         PropertyStorage m_propertyStorage;
-        RefPtr<Structure> m_inheritorID;
+        WriteBarrier<Structure> m_inheritorID;
     };
 
 
@@ -319,14 +324,19 @@ COMPILE_ASSERT((JSFinalObject_inlineStorageCapacity >= JSNonFinalObject_inlineSt
         friend class JSObject;
 
     public:
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
 
     protected:
-        explicit JSNonFinalObject(NonNullPassRefPtr<Structure> structure)
-            : JSObject(structure, m_inlineStorage)
+        explicit JSNonFinalObject(VPtrStealingHackType)
+            : JSObject(VPtrStealingHack, m_inlineStorage)
+        {
+        }
+    
+        explicit JSNonFinalObject(JSGlobalData& globalData, Structure* structure)
+            : JSObject(globalData, structure, m_inlineStorage)
         {
             ASSERT(!(OBJECT_OFFSETOF(JSNonFinalObject, m_inlineStorage) % sizeof(double)));
             ASSERT(this->structure()->propertyStorageCapacity() == JSNonFinalObject_inlineStorageCapacity);
@@ -342,19 +352,19 @@ COMPILE_ASSERT((JSFinalObject_inlineStorageCapacity >= JSNonFinalObject_inlineSt
         friend class JSObject;
 
     public:
-        static JSFinalObject* create(ExecState* exec, NonNullPassRefPtr<Structure> structure)
+        static JSFinalObject* create(ExecState* exec, Structure* structure)
         {
-            return new (exec) JSFinalObject(structure);
+            return new (exec) JSFinalObject(exec->globalData(), structure);
         }
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
 
     private:
-        explicit JSFinalObject(NonNullPassRefPtr<Structure> structure)
-            : JSObject(structure, m_inlineStorage)
+        explicit JSFinalObject(JSGlobalData& globalData, Structure* structure)
+            : JSObject(globalData, structure, m_inlineStorage)
         {
             ASSERT(OBJECT_OFFSETOF(JSFinalObject, m_inlineStorage) % sizeof(double) == 0);
             ASSERT(this->structure()->propertyStorageCapacity() == JSFinalObject_inlineStorageCapacity);
@@ -371,12 +381,12 @@ inline size_t JSObject::offsetOfInlineStorage()
     return OBJECT_OFFSETOF(JSFinalObject, m_inlineStorage);
 }
 
-inline JSObject* constructEmptyObject(ExecState* exec, NonNullPassRefPtr<Structure> structure)
+inline JSObject* constructEmptyObject(ExecState* exec, Structure* structure)
 {
     return JSFinalObject::create(exec, structure);
 }
 
-inline PassRefPtr<Structure> createEmptyObjectStructure(JSGlobalData& globalData, JSValue prototype)
+inline Structure* createEmptyObjectStructure(JSGlobalData& globalData, JSValue prototype)
 {
     return JSFinalObject::createStructure(globalData, prototype);
 }
@@ -392,8 +402,8 @@ inline JSObject* asObject(JSValue value)
     return asObject(value.asCell());
 }
 
-inline JSObject::JSObject(NonNullPassRefPtr<Structure> structure, PropertyStorage inlineStorage)
-    : JSCell(structure.releaseRef()) // ~JSObject balances this ref()
+inline JSObject::JSObject(JSGlobalData& globalData, Structure* structure, PropertyStorage inlineStorage)
+    : JSCell(globalData, structure)
     , m_propertyStorage(inlineStorage)
 {
     ASSERT(inherits(&s_info));
@@ -401,14 +411,13 @@ inline JSObject::JSObject(NonNullPassRefPtr<Structure> structure, PropertyStorag
     ASSERT(m_structure->isEmpty());
     ASSERT(prototype().isNull() || Heap::heap(this) == Heap::heap(prototype()));
     ASSERT(static_cast<void*>(inlineStorage) == static_cast<void*>(this + 1));
+    ASSERT(m_structure->typeInfo().type() == ObjectType);
 }
 
 inline JSObject::~JSObject()
 {
-    ASSERT(m_structure);
     if (!isUsingInlineStorage())
         delete [] m_propertyStorage;
-    m_structure->deref();
 }
 
 inline JSValue JSObject::prototype() const
@@ -432,20 +441,20 @@ inline bool JSObject::setPrototypeWithCycleCheck(JSGlobalData& globalData, JSVal
 inline void JSObject::setPrototype(JSGlobalData& globalData, JSValue prototype)
 {
     ASSERT(prototype);
-    RefPtr<Structure> newStructure = Structure::changePrototypeTransition(globalData, m_structure, prototype);
-    setStructure(newStructure.release());
+    setStructure(globalData, Structure::changePrototypeTransition(globalData, m_structure.get(), prototype));
 }
 
-inline void JSObject::setStructure(NonNullPassRefPtr<Structure> structure)
+inline void JSObject::setStructure(JSGlobalData& globalData, Structure* structure)
 {
-    m_structure->deref();
-    m_structure = structure.leakRef(); // ~JSObject balances this ref()
+    m_structure.set(globalData, this, structure);
 }
 
 inline Structure* JSObject::inheritorID(JSGlobalData& globalData)
 {
-    if (m_inheritorID)
+    if (m_inheritorID) {
+        ASSERT(m_inheritorID->isEmpty());
         return m_inheritorID.get();
+    }
     return createInheritorID(globalData);
 }
 
@@ -596,12 +605,12 @@ inline bool JSObject::putDirectInternal(JSGlobalData& globalData, const Identifi
 
     size_t offset;
     size_t currentCapacity = m_structure->propertyStorageCapacity();
-    if (RefPtr<Structure> structure = Structure::addPropertyTransitionToExistingStructure(m_structure, propertyName, attributes, specificFunction, offset)) {    
+    if (Structure* structure = Structure::addPropertyTransitionToExistingStructure(m_structure.get(), propertyName, attributes, specificFunction, offset)) {    
         if (currentCapacity != structure->propertyStorageCapacity())
             allocatePropertyStorage(currentCapacity, structure->propertyStorageCapacity());
 
         ASSERT(offset < structure->propertyStorageCapacity());
-        setStructure(structure.release());
+        setStructure(globalData, structure);
         putDirectOffset(globalData, offset, value);
         // This is a new property; transitions with specific values are not currently cachable,
         // so leave the slot in an uncachable state.
@@ -633,7 +642,7 @@ inline bool JSObject::putDirectInternal(JSGlobalData& globalData, const Identifi
                 return true;
             }
             // case (2) Despecify, fall through to (3).
-            setStructure(Structure::despecifyFunctionTransition(globalData, m_structure, propertyName));
+            setStructure(globalData, Structure::despecifyFunctionTransition(globalData, m_structure.get(), propertyName));
         }
 
         // case (3) set the slot, do the put, return.
@@ -645,13 +654,13 @@ inline bool JSObject::putDirectInternal(JSGlobalData& globalData, const Identifi
     if (!isExtensible())
         return false;
 
-    RefPtr<Structure> structure = Structure::addPropertyTransition(globalData, m_structure, propertyName, attributes, specificFunction, offset);
+    Structure* structure = Structure::addPropertyTransition(globalData, m_structure.get(), propertyName, attributes, specificFunction, offset);
 
     if (currentCapacity != structure->propertyStorageCapacity())
         allocatePropertyStorage(currentCapacity, structure->propertyStorageCapacity());
 
     ASSERT(offset < structure->propertyStorageCapacity());
-    setStructure(structure.release());
+    setStructure(globalData, structure);
     putDirectOffset(globalData, offset, value);
     // This is a new property; transitions with specific values are not currently cachable,
     // so leave the slot in an uncachable state.
@@ -722,11 +731,11 @@ inline void JSObject::putDirectFunctionWithoutTransition(JSGlobalData& globalDat
     putDirectOffset(globalData, offset, value);
 }
 
-inline void JSObject::transitionTo(Structure* newStructure)
+inline void JSObject::transitionTo(JSGlobalData& globalData, Structure* newStructure)
 {
     if (m_structure->propertyStorageCapacity() != newStructure->propertyStorageCapacity())
         allocatePropertyStorage(m_structure->propertyStorageCapacity(), newStructure->propertyStorageCapacity());
-    setStructure(newStructure);
+    setStructure(globalData, newStructure);
 }
 
 inline JSValue JSObject::toPrimitive(ExecState* exec, PreferredPrimitiveType preferredType) const
@@ -815,10 +824,11 @@ ALWAYS_INLINE void JSObject::markChildrenDirect(MarkStack& markStack)
 {
     JSCell::markChildren(markStack);
 
-    m_structure->markAggregate(markStack);
     PropertyStorage storage = propertyStorage();
     size_t storageSize = m_structure->propertyStorageSize();
     markStack.appendValues(storage, storageSize);
+    if (m_inheritorID)
+        markStack.append(&m_inheritorID);
 }
 
 // --- JSValue inlines ----------------------------
index a34362a..2b489a2 100644 (file)
@@ -30,8 +30,8 @@
 
 namespace JSC {
 
-JSObjectWithGlobalObject::JSObjectWithGlobalObject(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
-    : JSNonFinalObject(structure)
+JSObjectWithGlobalObject::JSObjectWithGlobalObject(JSGlobalObject* globalObject, Structure* structure)
+    : JSNonFinalObject(globalObject->globalData(), structure)
 {
     COMPILE_ASSERT(AnonymousSlotCount == 1, AnonymousSlotCount_must_be_one);
     ASSERT(!globalObject || globalObject->isGlobalObject());
@@ -41,4 +41,15 @@ JSObjectWithGlobalObject::JSObjectWithGlobalObject(JSGlobalObject* globalObject,
         putAnonymousValue(globalObject->globalData(), GlobalObjectSlot, globalObject);
 }
 
+JSObjectWithGlobalObject::JSObjectWithGlobalObject(JSGlobalData& globalData, JSGlobalObject* globalObject, Structure* structure)
+    : JSNonFinalObject(globalData, structure)
+{
+    COMPILE_ASSERT(AnonymousSlotCount == 1, AnonymousSlotCount_must_be_one);
+    ASSERT(!globalObject || globalObject->isGlobalObject());
+    if (!globalObject)
+        clearAnonymousValue(GlobalObjectSlot);
+    else
+        putAnonymousValue(globalData, GlobalObjectSlot, globalObject);
+}
+
 } // namespace JSC
index 8a0f872..844bcd8 100644 (file)
@@ -34,7 +34,7 @@ class JSGlobalObject;
 
 class JSObjectWithGlobalObject : public JSNonFinalObject {
 public:
-    static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto)
+    static Structure* createStructure(JSGlobalData& globalData, JSValue proto)
     {
         return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
     }
@@ -45,10 +45,11 @@ public:
     }
 
 protected:
-    JSObjectWithGlobalObject(JSGlobalObject*, NonNullPassRefPtr<Structure>);
+    JSObjectWithGlobalObject(JSGlobalObject*, Structure*);
+    JSObjectWithGlobalObject(JSGlobalData&, JSGlobalObject*, Structure*);
 
-    JSObjectWithGlobalObject(NonNullPassRefPtr<Structure> structure)
-        : JSNonFinalObject(structure)
+    JSObjectWithGlobalObject(VPtrStealingHackType)
+        : JSNonFinalObject(VPtrStealingHack)
     {
         // Should only be used by JSFunction when we aquire the JSFunction vptr.
     }
index 6f31f99..d5af044 100644 (file)
@@ -35,9 +35,10 @@ namespace JSC {
 
 ASSERT_CLASS_FITS_IN_CELL(JSPropertyNameIterator);
 
+const ClassInfo JSPropertyNameIterator::s_info = { "JSPropertyNameIterator", 0, 0, 0 };
+
 inline JSPropertyNameIterator::JSPropertyNameIterator(ExecState* exec, PropertyNameArrayData* propertyNameArrayData, size_t numCacheableSlots)
-    : JSCell(exec->globalData().propertyNameIteratorStructure.get())
-    , m_cachedStructure(0)
+    : JSCell(exec->globalData(), exec->globalData().propertyNameIteratorStructure.get())
     , m_numCacheableSlots(numCacheableSlots)
     , m_jsStringsSize(propertyNameArrayData->propertyNameVector().size())
     , m_jsStrings(adoptArrayPtr(new WriteBarrier<Unknown>[m_jsStringsSize]))
@@ -71,14 +72,14 @@ JSPropertyNameIterator* JSPropertyNameIterator::create(ExecState* exec, JSObject
     
     size_t count = normalizePrototypeChain(exec, o);
     StructureChain* structureChain = o->structure()->prototypeChain(exec);
-    RefPtr<Structure>* structure = structureChain->head();
+    WriteBarrier<Structure>* structure = structureChain->head();
     for (size_t i = 0; i < count; ++i) {
         if (structure[i]->typeInfo().overridesGetPropertyNames())
             return jsPropertyNameIterator;
     }
 
     jsPropertyNameIterator->setCachedPrototypeChain(exec->globalData(), structureChain);
-    jsPropertyNameIterator->setCachedStructure(o->structure());
+    jsPropertyNameIterator->setCachedStructure(exec->globalData(), o->structure());
     o->structure()->setEnumerationCache(exec->globalData(), jsPropertyNameIterator);
     return jsPropertyNameIterator;
 }
@@ -86,7 +87,7 @@ JSPropertyNameIterator* JSPropertyNameIterator::create(ExecState* exec, JSObject
 JSValue JSPropertyNameIterator::get(ExecState* exec, JSObject* base, size_t i)
 {
     JSValue identifier = m_jsStrings[i].get();
-    if (m_cachedStructure == base->structure() && m_cachedPrototypeChain.get() == base->structure()->prototypeChain(exec))
+    if (m_cachedStructure.get() == base->structure() && m_cachedPrototypeChain.get() == base->structure()->prototypeChain(exec))
         return identifier;
 
     if (!base->hasProperty(exec, Identifier(exec, asString(identifier)->value(exec))))
@@ -101,12 +102,4 @@ void JSPropertyNameIterator::markChildren(MarkStack& markStack)
         markStack.append(&m_cachedPrototypeChain);
 }
 
-#if !ASSERT_DISABLED
-
-JSPropertyNameIterator::~JSPropertyNameIterator()
-{
-    ASSERT(!m_cachedStructure || m_cachedStructure->enumerationCache() != this);
-}
-
-#endif
 } // namespace JSC
index f98c40e..b857dc0 100644 (file)
@@ -45,9 +45,9 @@ namespace JSC {
     public:
         static JSPropertyNameIterator* create(ExecState*, JSObject*);
         
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
-            return Structure::create(globalData, prototype, TypeInfo(CompoundType, OverridesMarkChildren), AnonymousSlotCount, 0);
+            return Structure::create(globalData, prototype, TypeInfo(CompoundType, OverridesMarkChildren), AnonymousSlotCount, &s_info);
         }
 
         virtual bool isPropertyNameIterator() const { return true; }
@@ -65,11 +65,11 @@ namespace JSC {
         JSValue get(ExecState*, JSObject*, size_t i);
         size_t size() { return m_jsStringsSize; }
 
-        void setCachedStructure(Structure* structure)
+        void setCachedStructure(JSGlobalData& globalData, Structure* structure)
         {
             ASSERT(!m_cachedStructure);
             ASSERT(structure);
-            m_cachedStructure = structure;
+            m_cachedStructure.set(globalData, this, structure);
         }
         Structure* cachedStructure() { return m_cachedStructure.get(); }
 
@@ -77,13 +77,10 @@ namespace JSC {
         StructureChain* cachedPrototypeChain() { return m_cachedPrototypeChain.get(); }
 
     private:
+        static const ClassInfo s_info;
         JSPropertyNameIterator(ExecState*, PropertyNameArrayData* propertyNameArrayData, size_t numCacheableSlot);
-        
-#if !ASSERT_DISABLED
-        virtual ~JSPropertyNameIterator();
-#endif
 
-        RefPtr<Structure> m_cachedStructure;
+        WriteBarrier<Structure> m_cachedStructure;
         WriteBarrier<StructureChain> m_cachedPrototypeChain;
         uint32_t m_numCacheableSlots;
         uint32_t m_jsStringsSize;
@@ -93,7 +90,7 @@ namespace JSC {
     inline void Structure::setEnumerationCache(JSGlobalData& globalData, JSPropertyNameIterator* enumerationCache)
     {
         ASSERT(!isDictionary());
-        m_enumerationCache.set(globalData, enumerationCache);
+        m_enumerationCache.set(globalData, this, enumerationCache);
     }
 
     inline JSPropertyNameIterator* Structure::enumerationCache()
index 3e19bbc..8c3a249 100644 (file)
@@ -33,7 +33,7 @@ namespace JSC{
     class JSStaticScopeObject : public JSVariableObject {
     public:
         JSStaticScopeObject(ExecState* exec, const Identifier& ident, JSValue value, unsigned attributes)
-            : JSVariableObject(exec->globalData().staticScopeStructure, &m_symbolTable, reinterpret_cast<Register*>(&m_registerStore + 1))
+            : JSVariableObject(exec->globalData(), exec->globalData().staticScopeStructure.get(), &m_symbolTable, reinterpret_cast<Register*>(&m_registerStore + 1))
         {
             m_registerStore.set(exec->globalData(), this, value);
             symbolTable().add(ident.impl(), SymbolTableEntry(-1, attributes));
@@ -47,7 +47,7 @@ namespace JSC{
         virtual void put(ExecState*, const Identifier&, JSValue, PutPropertySlot&);
         void putWithAttributes(ExecState*, const Identifier&, JSValue, unsigned attributes);
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info); }
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info); }
 
     protected:
         static const unsigned StructureFlags = OverridesGetOwnPropertySlot | NeedsThisConversion | OverridesMarkChildren | OverridesGetPropertyNames | JSVariableObject::StructureFlags;
index af6a932..3422dad 100644 (file)
@@ -185,7 +185,7 @@ namespace JSC {
         };
 
         ALWAYS_INLINE JSString(JSGlobalData* globalData, const UString& value)
-            : JSCell(globalData->stringStructure.get())
+            : JSCell(*globalData, globalData->stringStructure.get())
             , m_length(value.length())
             , m_value(value)
             , m_fiberCount(0)
@@ -196,7 +196,7 @@ namespace JSC {
 
         enum HasOtherOwnerType { HasOtherOwner };
         JSString(JSGlobalData* globalData, const UString& value, HasOtherOwnerType)
-            : JSCell(globalData->stringStructure.get())
+            : JSCell(*globalData, globalData->stringStructure.get())
             , m_length(value.length())
             , m_value(value)
             , m_fiberCount(0)
@@ -204,7 +204,7 @@ namespace JSC {
             ASSERT(!m_value.isNull());
         }
         JSString(JSGlobalData* globalData, PassRefPtr<StringImpl> value, HasOtherOwnerType)
-            : JSCell(globalData->stringStructure.get())
+            : JSCell(*globalData, globalData->stringStructure.get())
             , m_length(value->length())
             , m_value(value)
             , m_fiberCount(0)
@@ -212,7 +212,7 @@ namespace JSC {
             ASSERT(!m_value.isNull());
         }
         JSString(JSGlobalData* globalData, PassRefPtr<RopeImpl> rope)
-            : JSCell(globalData->stringStructure.get())
+            : JSCell(*globalData, globalData->stringStructure.get())
             , m_length(rope->length())
             , m_fiberCount(1)
         {
@@ -221,7 +221,7 @@ namespace JSC {
         // This constructor constructs a new string by concatenating s1 & s2.
         // This should only be called with fiberCount <= 3.
         JSString(JSGlobalData* globalData, unsigned fiberCount, JSString* s1, JSString* s2)
-            : JSCell(globalData->stringStructure.get())
+            : JSCell(*globalData, globalData->stringStructure.get())
             , m_length(s1->length() + s2->length())
             , m_fiberCount(fiberCount)
         {
@@ -234,7 +234,7 @@ namespace JSC {
         // This constructor constructs a new string by concatenating s1 & s2.
         // This should only be called with fiberCount <= 3.
         JSString(JSGlobalData* globalData, unsigned fiberCount, JSString* s1, const UString& u2)
-            : JSCell(globalData->stringStructure.get())
+            : JSCell(*globalData, globalData->stringStructure.get())
             , m_length(s1->length() + u2.length())
             , m_fiberCount(fiberCount)
         {
@@ -247,7 +247,7 @@ namespace JSC {
         // This constructor constructs a new string by concatenating s1 & s2.
         // This should only be called with fiberCount <= 3.
         JSString(JSGlobalData* globalData, unsigned fiberCount, const UString& u1, JSString* s2)
-            : JSCell(globalData->stringStructure.get())
+            : JSCell(*globalData, globalData->stringStructure.get())
             , m_length(u1.length() + s2->length())
             , m_fiberCount(fiberCount)
         {
@@ -262,7 +262,7 @@ namespace JSC {
         // value must require a fiberCount of at least one implies that the length
         // for each value must be exactly 1!
         JSString(ExecState* exec, JSValue v1, JSValue v2, JSValue v3)
-            : JSCell(exec->globalData().stringStructure.get())
+            : JSCell(exec->globalData(), exec->globalData().stringStructure.get())
             , m_length(0)
             , m_fiberCount(s_maxInternalRopeLength)
         {
@@ -275,7 +275,7 @@ namespace JSC {
 
         // This constructor constructs a new string by concatenating u1 & u2.
         JSString(JSGlobalData* globalData, const UString& u1, const UString& u2)
-            : JSCell(globalData->stringStructure.get())
+            : JSCell(*globalData, globalData->stringStructure.get())
             , m_length(u1.length() + u2.length())
             , m_fiberCount(2)
         {
@@ -287,7 +287,7 @@ namespace JSC {
 
         // This constructor constructs a new string by concatenating u1, u2 & u3.
         JSString(JSGlobalData* globalData, const UString& u1, const UString& u2, const UString& u3)
-            : JSCell(globalData->stringStructure.get())
+            : JSCell(*globalData, globalData->stringStructure.get())
             , m_length(u1.length() + u2.length() + u3.length())
             , m_fiberCount(s_maxInternalRopeLength)
         {
@@ -299,7 +299,7 @@ namespace JSC {
         }
 
         JSString(JSGlobalData* globalData, const UString& value, JSStringFinalizerCallback finalizer, void* context)
-            : JSCell(globalData->stringStructure.get())
+            : JSCell(*globalData, globalData->stringStructure.get())
             , m_length(value.length())
             , m_value(value)
             , m_fiberCount(0)
@@ -349,12 +349,11 @@ namespace JSC {
 
         JSValue replaceCharacter(ExecState*, UChar, const UString& replacement);
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(StringType, OverridesGetOwnPropertySlot | NeedsThisConversion), AnonymousSlotCount, 0); }
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(StringType, OverridesGetOwnPropertySlot | NeedsThisConversion), AnonymousSlotCount, 0); }
 
     private:
-        enum VPtrStealingHackType { VPtrStealingHack };
         JSString(VPtrStealingHackType) 
-            : JSCell(0)
+            : JSCell(VPtrStealingHack)
             , m_fiberCount(0)
         {
         }
index 882b218..dba03f6 100644 (file)
@@ -33,10 +33,11 @@ namespace JSC {
         NumberType        = 3,
         NullType          = 4,
         StringType        = 5,
+        LeafType          = 6,
         // The CompoundType value must come before any JSType that may have children
-        CompoundType      = 6,
-        ObjectType        = 7,
-        GetterSetterType  = 8
+        CompoundType      = 7,
+        ObjectType        = 8,
+        GetterSetterType  = 9
     };
 
 } // namespace JSC
index 284d2b2..acde81f 100644 (file)
@@ -54,6 +54,7 @@ namespace JSC {
         {
             ASSERT(flags <= 0x1FF);
             ASSERT(type <= 0xFF);
+            ASSERT(type >= CompoundType || !(flags & OverridesMarkChildren));
             // ImplementsDefaultHasInstance means (ImplementsHasInstance & !OverridesHasInstance)
             if ((m_flags & (ImplementsHasInstance | OverridesHasInstance)) == ImplementsHasInstance)
                 m_flags |= ImplementsDefaultHasInstance;
index d974273..ae9d02c 100644 (file)
@@ -466,6 +466,8 @@ namespace JSC {
     inline bool operator!=(const JSValue a, const JSCell* b) { return a != JSValue(b); }
     inline bool operator!=(const JSCell* a, const JSValue b) { return JSValue(a) != b; }
 
+    bool isZombie(const JSCell*);
+
 } // namespace JSC
 
 #endif // JSValue_h
index 891ada8..89bb6b0 100644 (file)
@@ -58,7 +58,7 @@ namespace JSC {
 
         WriteBarrier<Unknown>* const * addressOfRegisters() const { return &m_registers; }
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
@@ -66,8 +66,8 @@ namespace JSC {
     protected:
         static const unsigned StructureFlags = OverridesGetPropertyNames | JSObject::StructureFlags;
 
-        JSVariableObject(NonNullPassRefPtr<Structure> structure, SymbolTable* symbolTable, Register* registers)
-            : JSNonFinalObject(structure)
+        JSVariableObject(JSGlobalData& globalData, Structure* structure, SymbolTable* symbolTable, Register* registers)
+            : JSNonFinalObject(globalData, structure)
             , m_symbolTable(symbolTable)
             , m_registers(reinterpret_cast<WriteBarrier<Unknown>*>(registers))
         {
@@ -75,7 +75,7 @@ namespace JSC {
             COMPILE_ASSERT(sizeof(WriteBarrier<Unknown>) == sizeof(Register), Register_should_be_same_size_as_WriteBarrier);
         }
 
-        PassOwnArrayPtr<WriteBarrier<Unknown> > copyRegisterArray(JSGlobalData&, WriteBarrier<Unknown>* src, size_t count);
+        PassOwnArrayPtr<WriteBarrier<Unknown> > copyRegisterArray(JSGlobalData&, WriteBarrier<Unknown>* src, size_t count, size_t callframeStarts);
         void setRegisters(WriteBarrier<Unknown>* registers, PassOwnArrayPtr<WriteBarrier<Unknown> > registerArray);
 
         bool symbolTableGet(const Identifier&, PropertySlot&);
@@ -137,10 +137,12 @@ namespace JSC {
         return true;
     }
 
-    inline PassOwnArrayPtr<WriteBarrier<Unknown> > JSVariableObject::copyRegisterArray(JSGlobalData& globalData, WriteBarrier<Unknown>* src, size_t count)
+    inline PassOwnArrayPtr<WriteBarrier<Unknown> > JSVariableObject::copyRegisterArray(JSGlobalData& globalData, WriteBarrier<Unknown>* src, size_t count, size_t callframeStarts)
     {
         OwnArrayPtr<WriteBarrier<Unknown> > registerArray = adoptArrayPtr(new WriteBarrier<Unknown>[count]);
-        for (size_t i = 0; i < count; i++)
+        for (size_t i = 0; i < callframeStarts; i++)
+            registerArray[i].set(globalData, this, src[i].get());
+        for (size_t i = callframeStarts + RegisterFile::CallFrameHeaderSize; i < count; i++)
             registerArray[i].set(globalData, this, src[i].get());
 
         return registerArray.release();
index 63833e9..a7dbe0d 100644 (file)
@@ -30,13 +30,13 @@ namespace JSC {
     // Number, Boolean and Date which are wrappers for primitive types.
     class JSWrapperObject : public JSNonFinalObject {
     protected:
-        explicit JSWrapperObject(NonNullPassRefPtr<Structure>);
+        explicit JSWrapperObject(JSGlobalData&, Structure*);
 
     public:
         JSValue internalValue() const;
         void setInternalValue(JSGlobalData&, JSValue);
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype) 
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype) 
         { 
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
@@ -50,8 +50,8 @@ namespace JSC {
         WriteBarrier<Unknown> m_internalValue;
     };
 
-    inline JSWrapperObject::JSWrapperObject(NonNullPassRefPtr<Structure> structure)
-        : JSNonFinalObject(structure)
+    inline JSWrapperObject::JSWrapperObject(JSGlobalData& globalData, Structure* structure)
+        : JSNonFinalObject(globalData, structure)
     {
     }
 
index 35e1315..efabc93 100644 (file)
@@ -35,17 +35,6 @@ namespace JSC {
 
 const ClassInfo JSZombie::s_info = { "Zombie", 0, 0, 0 };
 
-Structure* JSZombie::leakedZombieStructure(JSGlobalData& globalData)
-{
-    static Structure* structure = 0;
-    if (!structure) {
-        Structure::startIgnoringLeaks();
-        structure = Structure::create(globalData, jsNull(), TypeInfo(UnspecifiedType), 0, &s_info).leakRef();
-        Structure::stopIgnoringLeaks();
-    }
-    return structure;
-}
-
 }
 
 #endif // ENABLE(JSC_ZOMBIES)
index dfff1a7..0559b96 100644 (file)
 #define JSZombie_h
 
 #include "JSCell.h"
+#include "Structure.h"
 
 #if ENABLE(JSC_ZOMBIES)
 namespace JSC {
 
 class JSZombie : public JSCell {
 public:
-    JSZombie(const ClassInfo* oldInfo, Structure* structure)
-        : JSCell(structure)
+    JSZombie(JSGlobalData& globalData, const ClassInfo* oldInfo, Structure* structure)
+        : JSCell(globalData, structure)
         , m_oldInfo(oldInfo)
     {
         ASSERT(inherits(&s_info));
     }
 
     virtual bool isZombie() const { return true; }
-    static Structure* leakedZombieStructure(JSGlobalData&);
 
     virtual bool isGetterSetter() const { ASSERT_NOT_REACHED(); return false; }
     virtual bool isAPIValueWrapper() const { ASSERT_NOT_REACHED(); return false; }
@@ -66,9 +66,9 @@ public:
     virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&) { ASSERT_NOT_REACHED(); return false; }
     virtual bool getOwnPropertySlot(ExecState*, unsigned, PropertySlot&) { ASSERT_NOT_REACHED(); return false; }
     
-    static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+    static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
     {
-        return Structure::create(globalData, prototype, TypeInfo(ObjectType, 0), AnonymousSlotCount, &s_info);
+        return Structure::create(globalData, prototype, TypeInfo(LeafType, 0), AnonymousSlotCount, &s_info);
     }
 
     static const ClassInfo s_info;
index 7b856a1..52bd76a 100644 (file)
@@ -86,7 +86,7 @@ const ClassInfo MathObject::s_info = { "Math", &JSObjectWithGlobalObject::s_info
 @end
 */
 
-MathObject::MathObject(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
+MathObject::MathObject(ExecState* exec, JSGlobalObject* globalObject, Structure* structure)
     : JSObjectWithGlobalObject(globalObject, structure)
 {
     ASSERT(inherits(&s_info));
index 26eaae0..75753be 100644 (file)
@@ -27,14 +27,14 @@ namespace JSC {
 
     class MathObject : public JSObjectWithGlobalObject {
     public:
-        MathObject(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>);
+        MathObject(ExecState*, JSGlobalObject*, Structure*);
 
         virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
         virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
 
         static const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index d8fda69..9cd5dcb 100644 (file)
@@ -32,7 +32,7 @@ ASSERT_CLASS_FITS_IN_CELL(NativeErrorConstructor);
 
 const ClassInfo NativeErrorConstructor::s_info = { "Function", &InternalFunction::s_info, 0, 0 };
 
-NativeErrorConstructor::NativeErrorConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, NonNullPassRefPtr<Structure> prototypeStructure, const UString& nameAndMessage)
+NativeErrorConstructor::NativeErrorConstructor(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, Structure* prototypeStructure, const UString& nameAndMessage)
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, nameAndMessage))
 {
     ASSERT(inherits(&s_info));
@@ -41,13 +41,23 @@ NativeErrorConstructor::NativeErrorConstructor(ExecState* exec, JSGlobalObject*
 
     putDirect(exec->globalData(), exec->propertyNames().length, jsNumber(1), DontDelete | ReadOnly | DontEnum); // ECMA 15.11.7.5
     putDirect(exec->globalData(), exec->propertyNames().prototype, prototype, DontDelete | ReadOnly | DontEnum);
-    m_errorStructure = ErrorInstance::createStructure(exec->globalData(), prototype);
+    m_errorStructure.set(exec->globalData(), this, ErrorInstance::createStructure(exec->globalData(), prototype));
+    ASSERT(m_errorStructure);
+    ASSERT(m_errorStructure->typeInfo().type() == ObjectType);
+}
+
+void NativeErrorConstructor::markChildren(MarkStack& markStack)
+{
+    InternalFunction::markChildren(markStack);
+    if (m_errorStructure)
+        markStack.append(&m_errorStructure);
 }
 
 static EncodedJSValue JSC_HOST_CALL constructWithNativeErrorConstructor(ExecState* exec)
 {
     JSValue message = exec->argumentCount() ? exec->argument(0) : jsUndefined();
     Structure* errorStructure = static_cast<NativeErrorConstructor*>(exec->callee())->errorStructure();
+    ASSERT(errorStructure);
     return JSValue::encode(ErrorInstance::create(exec, errorStructure, message));
 }
 
index 23f798e..e96daf6 100644 (file)
@@ -31,11 +31,11 @@ namespace JSC {
 
     class NativeErrorConstructor : public InternalFunction {
     public:
-        NativeErrorConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure> structure, NonNullPassRefPtr<Structure> prototypeStructure, const UString&);
+        NativeErrorConstructor(ExecState*, JSGlobalObject*, Structure*, Structure* prototypeStructure, const UString&);
 
         static const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
@@ -43,10 +43,12 @@ namespace JSC {
         Structure* errorStructure() { return m_errorStructure.get(); }
 
     private:
+        static const unsigned StructureFlags = OverridesMarkChildren | InternalFunction::StructureFlags;
         virtual ConstructType getConstructData(ConstructData&);
         virtual CallType getCallData(CallData&);
+        virtual void markChildren(MarkStack&);
 
-        RefPtr<Structure> m_errorStructure;
+        WriteBarrier<Structure> m_errorStructure;
     };
 
 } // namespace JSC
index 4e10268..de27d59 100644 (file)
@@ -31,7 +31,7 @@ namespace JSC {
 
 ASSERT_CLASS_FITS_IN_CELL(NativeErrorPrototype);
 
-NativeErrorPrototype::NativeErrorPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, const UString& nameAndMessage, NativeErrorConstructor* constructor)
+NativeErrorPrototype::NativeErrorPrototype(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, const UString& nameAndMessage, NativeErrorConstructor* constructor)
     : JSObjectWithGlobalObject(globalObject, structure)
 {
     putDirect(exec->globalData(), exec->propertyNames().name, jsString(exec, nameAndMessage), 0);
index 30690d5..e1b05ce 100644 (file)
@@ -28,7 +28,7 @@ namespace JSC {
 
     class NativeErrorPrototype : public JSObjectWithGlobalObject {
     public:
-        NativeErrorPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, const UString&, NativeErrorConstructor*);
+        NativeErrorPrototype(ExecState*, JSGlobalObject*, Structure*, const UString&, NativeErrorConstructor*);
     };
 
 } // namespace JSC
index aee143a..4193f79 100644 (file)
@@ -54,7 +54,7 @@ const ClassInfo NumberConstructor::s_info = { "Function", &InternalFunction::s_i
 @end
 */
 
-NumberConstructor::NumberConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, NumberPrototype* numberPrototype)
+NumberConstructor::NumberConstructor(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, NumberPrototype* numberPrototype)
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, numberPrototype->s_info.className))
 {
     ASSERT(inherits(&s_info));
index ab4507e..69aa8a1 100644 (file)
@@ -29,7 +29,7 @@ namespace JSC {
 
     class NumberConstructor : public InternalFunction {
     public:
-        NumberConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, NumberPrototype*);
+        NumberConstructor(ExecState*, JSGlobalObject*, Structure*, NumberPrototype*);
 
         virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
         virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
@@ -37,7 +37,7 @@ namespace JSC {
 
         static const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) 
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) 
         { 
             return Structure::create(globalData, proto, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info); 
         }
index 74b5e98..6ee103b 100644 (file)
@@ -31,8 +31,8 @@ ASSERT_CLASS_FITS_IN_CELL(NumberObject);
 
 const ClassInfo NumberObject::s_info = { "Number", &JSWrapperObject::s_info, 0, 0 };
 
-NumberObject::NumberObject(JSGlobalData&, NonNullPassRefPtr<Structure> structure)
-    : JSWrapperObject(structure)
+NumberObject::NumberObject(JSGlobalData& globalData, Structure* structure)
+    : JSWrapperObject(globalData, structure)
 {
     ASSERT(inherits(&s_info));
 }
index 90d0b26..cba65dd 100644 (file)
@@ -27,11 +27,11 @@ namespace JSC {
 
     class NumberObject : public JSWrapperObject {
     public:
-        explicit NumberObject(JSGlobalData&, NonNullPassRefPtr<Structure>);
+        explicit NumberObject(JSGlobalData&, Structure*);
 
         static const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index 6c027b3..24532dd 100644 (file)
@@ -45,7 +45,7 @@ static EncodedJSValue JSC_HOST_CALL numberProtoFuncToPrecision(ExecState*);
 
 // ECMA 15.7.4
 
-NumberPrototype::NumberPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* functionStructure)
+NumberPrototype::NumberPrototype(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, Structure* functionStructure)
     : NumberObject(exec->globalData(), structure)
 {
     setInternalValue(exec->globalData(), jsNumber(0));
index 191ab47..45bdfe7 100644 (file)
@@ -27,7 +27,7 @@ namespace JSC {
 
     class NumberPrototype : public NumberObject {
     public:
-        NumberPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* functionStructure);
+        NumberPrototype(ExecState*, JSGlobalObject*, Structure*, Structure* functionStructure);
     };
 
 } // namespace JSC
index 6bd2a28..aed5e24 100644 (file)
@@ -75,7 +75,7 @@ const ClassInfo ObjectConstructor::s_info = { "Function", &InternalFunction::s_i
 @end
 */
 
-ObjectConstructor::ObjectConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, ObjectPrototype* objectPrototype)
+ObjectConstructor::ObjectConstructor(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, ObjectPrototype* objectPrototype)
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, "Object"))
 {
     // ECMA 15.2.3.1
index b7bfc1d..6ebafcd 100644 (file)
@@ -29,14 +29,14 @@ namespace JSC {
 
     class ObjectConstructor : public InternalFunction {
     public:
-        ObjectConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, ObjectPrototype*);
+        ObjectConstructor(ExecState*, JSGlobalObject*, Structure*, ObjectPrototype*);
 
         virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
         virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
 
         static const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index 187456f..7469172 100644 (file)
@@ -40,8 +40,8 @@ static EncodedJSValue JSC_HOST_CALL objectProtoFuncLookupSetter(ExecState*);
 static EncodedJSValue JSC_HOST_CALL objectProtoFuncPropertyIsEnumerable(ExecState*);
 static EncodedJSValue JSC_HOST_CALL objectProtoFuncToLocaleString(ExecState*);
 
-ObjectPrototype::ObjectPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> stucture, Structure* functionStructure)
-    : JSNonFinalObject(stucture)
+ObjectPrototype::ObjectPrototype(ExecState* exec, JSGlobalObject* globalObject, Structure* stucture, Structure* functionStructure)
+    : JSNonFinalObject(exec->globalData(), stucture)
     , m_hasNoPropertiesWithUInt32Names(true)
 {
     putDirectFunctionWithoutTransition(exec, new (exec) JSFunction(exec, globalObject, functionStructure, 0, exec->propertyNames().toString, objectProtoFuncToString), DontEnum);
index 61c8f57..9fb7fae 100644 (file)
@@ -27,7 +27,7 @@ namespace JSC {
 
     class ObjectPrototype : public JSNonFinalObject {
     public:
-        ObjectPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* functionStructure);
+        ObjectPrototype(ExecState*, JSGlobalObject*, Structure*, Structure* functionStructure);
 
     private:
         virtual void put(ExecState*, const Identifier&, JSValue, PutPropertySlot&);
index edbd35f..fc195cd 100644 (file)
@@ -22,6 +22,7 @@
 #define PropertyMapHashTable_h
 
 #include "UString.h"
+#include "WriteBarrier.h"
 #include <wtf/HashTable.h>
 #include <wtf/PassOwnPtr.h>
 #include <wtf/Vector.h>
@@ -244,7 +245,7 @@ inline PropertyTable::PropertyTable(unsigned initialCapacity)
     ASSERT(isPowerOf2(m_indexSize));
 }
 
-inline PropertyTable::PropertyTable(JSGlobalData&, JSCell*, const PropertyTable& other)
+inline PropertyTable::PropertyTable(JSGlobalData& globalData, JSCell* owner, const PropertyTable& other)
     : m_indexSize(other.m_indexSize)
     , m_indexMask(other.m_indexMask)
     , m_index(static_cast<unsigned*>(fastMalloc(dataSize())))
@@ -256,8 +257,10 @@ inline PropertyTable::PropertyTable(JSGlobalData&, JSCell*, const PropertyTable&
     memcpy(m_index, other.m_index, dataSize());
 
     iterator end = this->end();
-    for (iterator iter = begin(); iter != end; ++iter)
+    for (iterator iter = begin(); iter != end; ++iter) {
         iter->key->ref();
+        writeBarrier(globalData, owner, iter->specificValue.get());
+    }
 
     // Copy the m_deletedOffsets vector.
     Vector<unsigned>* otherDeletedOffsets = other.m_deletedOffsets.get();
@@ -265,7 +268,7 @@ inline PropertyTable::PropertyTable(JSGlobalData&, JSCell*, const PropertyTable&
         m_deletedOffsets.set(new Vector<unsigned>(*otherDeletedOffsets));
 }
 
-inline PropertyTable::PropertyTable(JSGlobalData&, JSCell*, unsigned initialCapacity, const PropertyTable& other)
+inline PropertyTable::PropertyTable(JSGlobalData& globalData, JSCell* owner, unsigned initialCapacity, const PropertyTable& other)
     : m_indexSize(sizeForCapacity(initialCapacity))
     , m_indexMask(m_indexSize - 1)
     , m_index(static_cast<unsigned*>(fastZeroedMalloc(dataSize())))
@@ -280,6 +283,7 @@ inline PropertyTable::PropertyTable(JSGlobalData&, JSCell*, unsigned initialCapa
         ASSERT(canInsert());
         reinsert(*iter);
         iter->key->ref();
+        writeBarrier(globalData, owner, iter->specificValue.get());
     }
 
     // Copy the m_deletedOffsets vector.
index 19b4b36..3da0198 100644 (file)
@@ -95,7 +95,7 @@ const ClassInfo RegExpConstructor::s_info = { "Function", &InternalFunction::s_i
 @end
 */
 
-RegExpConstructor::RegExpConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, RegExpPrototype* regExpPrototype)
+RegExpConstructor::RegExpConstructor(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, RegExpPrototype* regExpPrototype)
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, "RegExp"))
     , d(adoptPtr(new RegExpConstructorPrivate))
 {
@@ -109,7 +109,7 @@ RegExpConstructor::RegExpConstructor(ExecState* exec, JSGlobalObject* globalObje
 }
 
 RegExpMatchesArray::RegExpMatchesArray(ExecState* exec, RegExpConstructorPrivate* data)
-    : JSArray(exec->lexicalGlobalObject()->regExpMatchesArrayStructure(), data->lastNumSubPatterns + 1, CreateInitialized)
+    : JSArray(exec->globalData(), exec->lexicalGlobalObject()->regExpMatchesArrayStructure(), data->lastNumSubPatterns + 1, CreateInitialized)
 {
     RegExpConstructorPrivate* d = new RegExpConstructorPrivate;
     d->input = data->lastInput;
index 5e0b2b8..548664e 100644 (file)
@@ -57,9 +57,9 @@ namespace JSC {
 
     class RegExpConstructor : public InternalFunction {
     public:
-        RegExpConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, RegExpPrototype*);
+        RegExpConstructor(ExecState*, JSGlobalObject*, Structure*, RegExpPrototype*);
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index 4b5028b..d824ecd 100644 (file)
@@ -61,7 +61,7 @@ const ClassInfo RegExpObject::s_info = { "RegExp", &JSObjectWithGlobalObject::s_
 @end
 */
 
-RegExpObject::RegExpObject(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, NonNullPassRefPtr<RegExp> regExp)
+RegExpObject::RegExpObject(JSGlobalObject* globalObject, Structure* structure, NonNullPassRefPtr<RegExp> regExp)
     : JSObjectWithGlobalObject(globalObject, structure)
     , d(adoptPtr(new RegExpObjectData(regExp)))
 {
index fa2024d..4274fff 100644 (file)
@@ -30,7 +30,7 @@ namespace JSC {
     public:
         typedef JSObjectWithGlobalObject Base;
 
-        RegExpObject(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure>, NonNullPassRefPtr<RegExp>);
+        RegExpObject(JSGlobalObject*, Structure*, NonNullPassRefPtr<RegExp>);
         virtual ~RegExpObject();
 
         void setRegExp(PassRefPtr<RegExp> r) { d->regExp = r; }
@@ -58,7 +58,7 @@ namespace JSC {
 
         static JS_EXPORTDATA const ClassInfo s_info;
 
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue prototype)
+        static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
         {
             return Structure::create(globalData, prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount, &s_info);
         }
index 61747b1..5bb8ad8 100644 (file)
@@ -47,7 +47,7 @@ static EncodedJSValue JSC_HOST_CALL regExpProtoFuncToString(ExecState*);
 
 // ECMA 15.10.5
 
-RegExpPrototype::RegExpPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* functionStructure)
+RegExpPrototype::RegExpPrototype(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, Structure* functionStructure)
     : RegExpObject(globalObject, structure, RegExp::create(&exec->globalData(), "", NoFlags))
 {
     putDirectFunctionWithoutTransition(exec, new (exec) JSFunction(exec, globalObject, functionStructure, 2, exec->propertyNames().compile, regExpProtoFuncCompile), DontEnum);
index 70d77d9..2cc5405 100644 (file)
@@ -28,7 +28,7 @@ namespace JSC {
 
     class RegExpPrototype : public RegExpObject {
     public:
-        RegExpPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* functionStructure);
+        RegExpPrototype(ExecState*, JSGlobalObject*, Structure*, Structure* functionStructure);
     };
 
 } // namespace JSC
index f0ff757..d0a2672 100644 (file)
@@ -36,7 +36,7 @@ namespace JSC {
     class ScopeChainNode : public JSCell {
     public:
         ScopeChainNode(ScopeChainNode* next, JSObject* object, JSGlobalData* globalData, JSGlobalObject* globalObject, JSObject* globalThis)
-            : JSCell(globalData->scopeChainNodeStructure.get())
+            : JSCell(*globalData, globalData->scopeChainNodeStructure.get())
             , globalData(globalData)
             , next(*globalData, this, next)
             , object(*globalData, this, object)
@@ -65,7 +65,7 @@ namespace JSC {
         void print();
 #endif
         
-        static PassRefPtr<Structure> createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info); }
+        static Structure* createStructure(JSGlobalData& globalData, JSValue proto) { return Structure::create(globalData, proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, &s_info); }
         virtual void markChildren(MarkStack&);
     private:
         static const unsigned StructureFlags = OverridesMarkChildren;
index 24c501e..e666dee 100644 (file)
@@ -29,7 +29,7 @@
 namespace JSC {
 
 StrictEvalActivation::StrictEvalActivation(ExecState* exec)
-    : JSNonFinalObject(exec->globalData().strictEvalActivationStructure)
+    : JSNonFinalObject(exec->globalData(), exec->globalData().strictEvalActivationStructure.get())
 {
 }
 
index ed088e4..560202a 100644 (file)
@@ -48,7 +48,7 @@ static EncodedJSValue JSC_HOST_CALL stringFromCharCode(ExecState* exec)
 
 ASSERT_CLASS_FITS_IN_CELL(StringConstructor);
 
-StringConstructor::StringConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* functionStructure, StringPrototype* stringPrototype)
+StringConstructor::StringConstructor(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, Structure* functionStructure, StringPrototype* stringPrototype)
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, stringPrototype->classInfo()->className))
 {
     // ECMA 15.5.3.1 String.prototype
index 3a42c7e..117cce8 100644 (file)
@@ -29,7 +29,7 @@ namespace JSC {
 
     class StringConstructor : public InternalFunction {
     public:
-        StringConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* functionStructure, StringPrototype*);
+        StringConstructor(ExecState*, JSGlobalObject*, Structure*, Structure* functionStructure, StringPrototype*);
 
         virtual ConstructType getConstructData(ConstructData&);
         virtual CallType getCallData(CallData&);
index 47e5860..67dc291 100644 (file)
@@ -29,22 +29,22 @@ ASSERT_CLASS_FITS_IN_CELL(StringObject);
 
 const ClassInfo StringObject::s_info = { "String", &JSWrapperObject::s_info, 0, 0 };
 
-StringObject::StringObject(ExecState* exec, NonNullPassRefPtr<Structure> structure)
-    : JSWrapperObject(structure)
+StringObject::StringObject(ExecState* exec, Structure* structure)
+    : JSWrapperObject(exec->globalData(), structure)
 {
     ASSERT(inherits(&s_info));
     setInternalValue(exec->globalData(), jsEmptyString(exec));
 }
 
-StringObject::StringObject(JSGlobalData& globalData, NonNullPassRefPtr<Structure> structure, JSString* string)
-    : JSWrapperObject(structure)
+StringObject::StringObject(JSGlobalData& globalData, Structure* structure, JSString* string)
+    : JSWrapperObject(globalData, structure)
 {
     ASSERT(inherits(&s_info));
     setInternalValue(globalData, string);
 }
 
-StringObject::StringObject(ExecState* exec, NonNullPassRefPtr<Structure> structure, const UString& string)
-    : JSWrapperObject(structure)
+StringObject::StringObject(ExecState* exec, Structure* structure, const UString& string)
+    : JSWrapperObject(exec->globalData(), structure)
 {
     ASSERT(inherits(&s_info));
     setInternalValue(exec->globalData(), jsString(exec, string));
index ae3376d..4c16044 100644 (file)
@@ -28,8 +28,8 @@ namespace JSC {
 
     class StringObject : public JSWrapperObject {
     public:
-        StringObject(ExecState*, NonNullPassRefPtr<Structure>);
-        StringObject(ExecState*, NonNullPassRefPtr<Structure>, const UString&);
+        StringObject(ExecState*, Structure*);
+        StringObject(ExecState*, Structure*