Unreviewed, rolling out r200383 and r200406.
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 May 2016 15:48:16 +0000 (15:48 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 May 2016 15:48:16 +0000 (15:48 +0000)
Seems to have caused crashes on iOS / ARMv7s

Reverted changesets:

"Speed up JSGlobalObject initialization by making some
properties lazy"
https://bugs.webkit.org/show_bug.cgi?id=157045
http://trac.webkit.org/changeset/200383

"REGRESSION(r200383): Setting lazily initialized properties
across frame boundaries crashes"
https://bugs.webkit.org/show_bug.cgi?id=157333
http://trac.webkit.org/changeset/200406

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200416 268f45cc-cd09-0410-ab3c-d52691b4dbfc

48 files changed:
LayoutTests/ChangeLog
LayoutTests/js/dom/cross-window-put-math-expected.txt [deleted file]
LayoutTests/js/dom/cross-window-put-math.html [deleted file]
Source/JavaScriptCore/API/JSCallbackFunction.cpp
Source/JavaScriptCore/API/ObjCCallbackFunction.h
Source/JavaScriptCore/API/ObjCCallbackFunction.mm
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/create_hash_table
Source/JavaScriptCore/debugger/DebuggerScope.cpp
Source/JavaScriptCore/debugger/DebuggerScope.h
Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
Source/JavaScriptCore/dfg/DFGAbstractValue.cpp
Source/JavaScriptCore/dfg/DFGArrayMode.cpp
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Source/JavaScriptCore/runtime/ClonedArguments.cpp
Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
Source/JavaScriptCore/runtime/FunctionPrototype.cpp
Source/JavaScriptCore/runtime/InternalFunction.cpp
Source/JavaScriptCore/runtime/InternalFunction.h
Source/JavaScriptCore/runtime/JSBoundFunction.cpp
Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp
Source/JavaScriptCore/runtime/JSFunction.cpp
Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.h
Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp
Source/JavaScriptCore/runtime/JSWithScope.cpp
Source/JavaScriptCore/runtime/JSWithScope.h
Source/JavaScriptCore/runtime/LazyClassStructure.cpp [deleted file]
Source/JavaScriptCore/runtime/LazyClassStructure.h [deleted file]
Source/JavaScriptCore/runtime/LazyClassStructureInlines.h [deleted file]
Source/JavaScriptCore/runtime/LazyProperty.h [deleted file]
Source/JavaScriptCore/runtime/LazyPropertyInlines.h [deleted file]
Source/JavaScriptCore/runtime/Lookup.cpp
Source/JavaScriptCore/runtime/Lookup.h
Source/JavaScriptCore/runtime/PropertySlot.h
Source/JavaScriptCore/runtime/TypedArrayType.h
Source/WTF/ChangeLog
Source/WTF/wtf/StdLibExtras.h
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSHTMLElementCustom.cpp

index 6b95f49..4ceed9f 100644 (file)
@@ -1,3 +1,21 @@
+2016-05-04  Chris Dumez  <cdumez@apple.com>
+
+        Unreviewed, rolling out r200383 and r200406.
+
+        Seems to have caused crashes on iOS / ARMv7s
+
+        Reverted changesets:
+
+        "Speed up JSGlobalObject initialization by making some
+        properties lazy"
+        https://bugs.webkit.org/show_bug.cgi?id=157045
+        http://trac.webkit.org/changeset/200383
+
+        "REGRESSION(r200383): Setting lazily initialized properties
+        across frame boundaries crashes"
+        https://bugs.webkit.org/show_bug.cgi?id=157333
+        http://trac.webkit.org/changeset/200406
+
 2016-05-04  Joanmarie Diggs  <jdiggs@igalia.com>
 
         AX: ARIA 'region' role is now a landmark; HTML 'section' element should be a landmark only if named
diff --git a/LayoutTests/js/dom/cross-window-put-math-expected.txt b/LayoutTests/js/dom/cross-window-put-math-expected.txt
deleted file mode 100644 (file)
index b0b92d8..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-
-Test storing to a lazy global property.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/js/dom/cross-window-put-math.html b/LayoutTests/js/dom/cross-window-put-math.html
deleted file mode 100644 (file)
index a35a6b7..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<script src="../../resources/js-test-pre.js"></script>
-</head>
-<body>
-<iframe id="x" src="data:text/html,<p>Hello</p>"></iframe>
-<div id="description"></div>
-<div id="console"></div>
-<script>
-description('Test storing to a lazy global property.');
-window.frames[0].Math = window.Math;
-</script>
-<script src="../../resources/js-test-post.js"></script>
-</body>
-</html>
index a2ecefe..62ea951 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006, 2008, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -58,8 +58,7 @@ void JSCallbackFunction::finishCreation(VM& vm, const String& name)
 
 JSCallbackFunction* JSCallbackFunction::create(VM& vm, JSGlobalObject* globalObject, JSObjectCallAsFunctionCallback callback, const String& name)
 {
-    Structure* structure = globalObject->callbackFunctionStructure();
-    JSCallbackFunction* function = new (NotNull, allocateCell<JSCallbackFunction>(vm.heap)) JSCallbackFunction(vm, structure, callback);
+    JSCallbackFunction* function = new (NotNull, allocateCell<JSCallbackFunction>(vm.heap)) JSCallbackFunction(vm, globalObject->callbackFunctionStructure(), callback);
     function->finishCreation(vm, name);
     return function;
 }
index 1c0995e..adb167c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -62,7 +62,7 @@ public:
     ObjCCallbackFunctionImpl* impl() const { return m_impl.get(); }
 
 protected:
-    ObjCCallbackFunction(VM&, Structure*, JSObjectCallAsFunctionCallback, JSObjectCallAsConstructorCallback, std::unique_ptr<ObjCCallbackFunctionImpl>);
+    ObjCCallbackFunction(VM&, JSGlobalObject*, JSObjectCallAsFunctionCallback, JSObjectCallAsConstructorCallback, std::unique_ptr<ObjCCallbackFunctionImpl>);
 
 private:
     static CallType getCallData(JSCell*, CallData&);
index b4598e5..ea98806 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -498,8 +498,8 @@ static JSObjectRef objCCallbackFunctionCallAsConstructor(JSContextRef callerCont
 
 const JSC::ClassInfo ObjCCallbackFunction::s_info = { "CallbackFunction", &Base::s_info, 0, CREATE_METHOD_TABLE(ObjCCallbackFunction) };
 
-ObjCCallbackFunction::ObjCCallbackFunction(JSC::VM& vm, JSC::Structure* structure, JSObjectCallAsFunctionCallback functionCallback, JSObjectCallAsConstructorCallback constructCallback, std::unique_ptr<ObjCCallbackFunctionImpl> impl)
-    : Base(vm, structure)
+ObjCCallbackFunction::ObjCCallbackFunction(JSC::VM& vm, JSC::JSGlobalObject* globalObject, JSObjectCallAsFunctionCallback functionCallback, JSObjectCallAsConstructorCallback constructCallback, std::unique_ptr<ObjCCallbackFunctionImpl> impl)
+    : Base(vm, globalObject->objcCallbackFunctionStructure())
     , m_functionCallback(functionCallback)
     , m_constructCallback(constructCallback)
     , m_impl(WTFMove(impl))
@@ -508,8 +508,7 @@ ObjCCallbackFunction::ObjCCallbackFunction(JSC::VM& vm, JSC::Structure* structur
 
 ObjCCallbackFunction* ObjCCallbackFunction::create(JSC::VM& vm, JSC::JSGlobalObject* globalObject, const String& name, std::unique_ptr<ObjCCallbackFunctionImpl> impl)
 {
-    Structure* structure = globalObject->objcCallbackFunctionStructure();
-    ObjCCallbackFunction* function = new (NotNull, allocateCell<ObjCCallbackFunction>(vm.heap)) ObjCCallbackFunction(vm, structure, objCCallbackFunctionCallAsFunction, objCCallbackFunctionCallAsConstructor, WTFMove(impl));
+    ObjCCallbackFunction* function = new (NotNull, allocateCell<ObjCCallbackFunction>(vm.heap)) ObjCCallbackFunction(vm, globalObject, objCCallbackFunctionCallAsFunction, objCCallbackFunctionCallAsConstructor, WTFMove(impl));
     function->finishCreation(vm, name);
     return function;
 }
index 1edbec2..b43363d 100644 (file)
@@ -740,7 +740,6 @@ set(JavaScriptCore_SOURCES
     runtime/JSWeakSet.cpp
     runtime/JSWithScope.cpp
     runtime/JSWrapperObject.cpp
-    runtime/LazyClassStructure.cpp
     runtime/LiteralParser.cpp
     runtime/Lookup.cpp
     runtime/MapConstructor.cpp
index a97f552..606290a 100644 (file)
@@ -1,3 +1,21 @@
+2016-05-04  Chris Dumez  <cdumez@apple.com>
+
+        Unreviewed, rolling out r200383 and r200406.
+
+        Seems to have caused crashes on iOS / ARMv7s
+
+        Reverted changesets:
+
+        "Speed up JSGlobalObject initialization by making some
+        properties lazy"
+        https://bugs.webkit.org/show_bug.cgi?id=157045
+        http://trac.webkit.org/changeset/200383
+
+        "REGRESSION(r200383): Setting lazily initialized properties
+        across frame boundaries crashes"
+        https://bugs.webkit.org/show_bug.cgi?id=157333
+        http://trac.webkit.org/changeset/200406
+
 2016-05-04  Yusuke Suzuki  <utatane.tea@gmail.com>
 
         Assertion failure for super() call in direct eval in method function
index 592f802..eebd975 100644 (file)
                DC17E81A1C9C91E9008A6AB3 /* CCallHelpers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC17E8161C9C802B008A6AB3 /* CCallHelpers.cpp */; };
                DC2143071CA32E55000A8869 /* ICStats.h in Headers */ = {isa = PBXBuildFile; fileRef = DC2143061CA32E52000A8869 /* ICStats.h */; };
                DC2143081CA32E58000A8869 /* ICStats.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC2143051CA32E52000A8869 /* ICStats.cpp */; };
-               DCF3D5691CD2946D003D5C65 /* LazyClassStructure.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF3D5641CD29468003D5C65 /* LazyClassStructure.cpp */; };
-               DCF3D56A1CD29470003D5C65 /* LazyClassStructure.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF3D5651CD29468003D5C65 /* LazyClassStructure.h */; settings = {ATTRIBUTES = (Private, ); }; };
-               DCF3D56B1CD29472003D5C65 /* LazyClassStructureInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF3D5661CD29468003D5C65 /* LazyClassStructureInlines.h */; };
-               DCF3D56C1CD29475003D5C65 /* LazyProperty.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF3D5671CD29468003D5C65 /* LazyProperty.h */; settings = {ATTRIBUTES = (Private, ); }; };
-               DCF3D56D1CD29476003D5C65 /* LazyPropertyInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF3D5681CD29468003D5C65 /* LazyPropertyInlines.h */; };
                DE26E9031CB5DD0500D2BE82 /* BuiltinExecutableCreator.h in Headers */ = {isa = PBXBuildFile; fileRef = DE26E9021CB5DD0500D2BE82 /* BuiltinExecutableCreator.h */; };
                DE26E9071CB5DEFB00D2BE82 /* BuiltinExecutableCreator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DE26E9061CB5DD9600D2BE82 /* BuiltinExecutableCreator.cpp */; };
                DE5A0A001BA3AC3E003D4424 /* IntrinsicEmitter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DE5A09FF1BA3AC3E003D4424 /* IntrinsicEmitter.cpp */; };
                DC17E8161C9C802B008A6AB3 /* CCallHelpers.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CCallHelpers.cpp; sourceTree = "<group>"; };
                DC2143051CA32E52000A8869 /* ICStats.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ICStats.cpp; sourceTree = "<group>"; };
                DC2143061CA32E52000A8869 /* ICStats.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ICStats.h; sourceTree = "<group>"; };
-               DCF3D5641CD29468003D5C65 /* LazyClassStructure.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LazyClassStructure.cpp; sourceTree = "<group>"; };
-               DCF3D5651CD29468003D5C65 /* LazyClassStructure.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LazyClassStructure.h; sourceTree = "<group>"; };
-               DCF3D5661CD29468003D5C65 /* LazyClassStructureInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LazyClassStructureInlines.h; sourceTree = "<group>"; };
-               DCF3D5671CD29468003D5C65 /* LazyProperty.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LazyProperty.h; sourceTree = "<group>"; };
-               DCF3D5681CD29468003D5C65 /* LazyPropertyInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LazyPropertyInlines.h; sourceTree = "<group>"; };
                DE26E9021CB5DD0500D2BE82 /* BuiltinExecutableCreator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BuiltinExecutableCreator.h; sourceTree = "<group>"; };
                DE26E9061CB5DD9600D2BE82 /* BuiltinExecutableCreator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BuiltinExecutableCreator.cpp; sourceTree = "<group>"; };
                DE5A09FF1BA3AC3E003D4424 /* IntrinsicEmitter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IntrinsicEmitter.cpp; sourceTree = "<group>"; };
                7EF6E0BB0EB7A1EC0079AFAF /* runtime */ = {
                        isa = PBXGroup;
                        children = (
-                               DCF3D5641CD29468003D5C65 /* LazyClassStructure.cpp */,
-                               DCF3D5651CD29468003D5C65 /* LazyClassStructure.h */,
-                               DCF3D5661CD29468003D5C65 /* LazyClassStructureInlines.h */,
-                               DCF3D5671CD29468003D5C65 /* LazyProperty.h */,
-                               DCF3D5681CD29468003D5C65 /* LazyPropertyInlines.h */,
                                BCF605110E203EF800B9A64D /* ArgList.cpp */,
                                BCF605120E203EF800B9A64D /* ArgList.h */,
                                0FE0500C1AA9091100D33B33 /* ArgumentsMode.h */,
                                A5FD0074189B038C00633231 /* ConsoleTypes.h in Headers */,
                                0FFC99D1184EC8AD009C10AB /* ConstantMode.h in Headers */,
                                E354622B1B6065D100545386 /* ConstructAbility.h in Headers */,
-                               DCF3D56D1CD29476003D5C65 /* LazyPropertyInlines.h in Headers */,
                                BC18C3F60E16F5CD00B34460 /* ConstructData.h in Headers */,
                                A57D23F21891B5B40031C7FA /* ContentSearchUtilities.h in Headers */,
                                52678F911A04177C006A306D /* ControlFlowProfiler.h in Headers */,
                                BC18C4520E16F5CD00B34460 /* LegacyProfiler.h in Headers */,
                                BC18C4310E16F5CD00B34460 /* Lexer.h in Headers */,
                                BC18C52E0E16FCE100B34460 /* Lexer.lut.h in Headers */,
-                               DCF3D56B1CD29472003D5C65 /* LazyClassStructureInlines.h in Headers */,
                                FE187A021BFBE5610038BBCA /* JITMulGenerator.h in Headers */,
                                86D3B3C310159D7F002865E7 /* LinkBuffer.h in Headers */,
                                0F431738146BAC69007E3890 /* ListableHandler.h in Headers */,
                                86F3EEBD168CDE930077B92A /* ObjCCallbackFunction.h in Headers */,
                                86F3EEBF168CDE930077B92A /* ObjcRuntimeExtras.h in Headers */,
                                14CA958D16AB50FA00938A06 /* ObjectAllocationProfile.h in Headers */,
-                               DCF3D56C1CD29475003D5C65 /* LazyProperty.h in Headers */,
                                BC18C4450E16F5CD00B34460 /* ObjectConstructor.h in Headers */,
                                996B73221BDA08EF00331B84 /* ObjectConstructor.lut.h in Headers */,
                                0FD3E40A1B618B6600C80E1E /* ObjectPropertyCondition.h in Headers */,
                                BC18C44B0E16F5CD00B34460 /* Parser.h in Headers */,
                                93052C350FB792190048FDC3 /* ParserArena.h in Headers */,
                                0FCCAE4516D0CF7400D0C65B /* ParserError.h in Headers */,
-                               DCF3D56A1CD29470003D5C65 /* LazyClassStructure.h in Headers */,
                                A77F1825164192C700640A47 /* ParserModes.h in Headers */,
                                65303D641447B9E100D3F904 /* ParserTokens.h in Headers */,
                                0FF9CE741B9CD6D0004EDCA6 /* PolymorphicAccess.h in Headers */,
                                A54982031891D0B00081E5B8 /* EventLoop.cpp in Sources */,
                                FE1C0FFF1B194FD100B53FCA /* Exception.cpp in Sources */,
                                0F12DE0F1979D5FD0006FF4E /* ExceptionFuzz.cpp in Sources */,
-                               DCF3D5691CD2946D003D5C65 /* LazyClassStructure.cpp in Sources */,
                                1429D8780ED21ACD00B89619 /* ExceptionHelpers.cpp in Sources */,
                                86CA032E1038E8440028A609 /* Executable.cpp in Sources */,
                                0FF054F91AC35B4400E5BE57 /* ExecutableAllocationFuzz.cpp in Sources */,
index 1cb2e49..dc70e29 100755 (executable)
@@ -5,7 +5,7 @@
 # (c) 2000-2002 by Harri Porten <porten@kde.org> and
 #                  David Faure <faure@kde.org>
 # Modified (c) 2004 by Nikolas Zimmermann <wildfox@kde.org>
-# Copyright (C) 2007, 2008, 2009, 2015-2016 Apple Inc. All rights reserved.
+# Copyright (C) 2007, 2008, 2009, 2015 Apple Inc. All rights reserved.
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -97,15 +97,6 @@ while (<IN>) {
             my $put = "nullptr";
             $hasSetter = "true";
             push(@values, { "type" => "Accessor", "get" => $get, "put" => $put });
-        } elsif ($att =~ m/CellProperty/) {
-            my $property = $val;
-            push(@values, { "type" => "CellProperty", "property" => $property });
-        } elsif ($att =~ m/ClassStructure/) {
-            my $property = $val;
-            push(@values, { "type" => "ClassStructure", "property" => $property });
-        } elsif ($att =~ m/PropertyCallback/) {
-            my $cback = $val;
-            push(@values, { "type" => "PropertyCallback", "cback" => $cback });
         } elsif (length($att)) {
             my $get = $val;
             my $put = "0";
@@ -307,14 +298,6 @@ sub output() {
         } elsif ($values[$i]{"type"} eq "Lexer") {
             $firstValue = $values[$i]{"value"};
             $secondValue = "0";
-        } elsif ($values[$i]{"type"} eq "CellProperty" || $values[$i]{"type"} eq "ClassStructure") {
-            $values[$i]{"property"} =~ /\A([a-zA-Z0-9_]+)::(.*)\Z/ or die;
-            $firstValue = "OBJECT_OFFSETOF($1, $2)";
-            $secondValue = "0";
-        } elsif ($values[$i]{"type"} eq "PropertyCallback") {
-            $firstCastStr = "static_cast<LazyPropertyCallback>";
-            $firstValue = $values[$i]{"cback"};
-            $secondValue = "0";
         }
 
         my $intrinsic = "NoIntrinsic";
index 01d4322..0051db7 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2009, 2014, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2009, 2014 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -36,16 +36,8 @@ STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(DebuggerScope);
 
 const ClassInfo DebuggerScope::s_info = { "DebuggerScope", &Base::s_info, 0, CREATE_METHOD_TABLE(DebuggerScope) };
 
-DebuggerScope* DebuggerScope::create(VM& vm, JSScope* scope)
-{
-    Structure* structure = scope->globalObject()->debuggerScopeStructure();
-    DebuggerScope* debuggerScope = new (NotNull, allocateCell<DebuggerScope>(vm.heap)) DebuggerScope(vm, structure, scope);
-    debuggerScope->finishCreation(vm);
-    return debuggerScope;
-}
-
-DebuggerScope::DebuggerScope(VM& vm, Structure* structure, JSScope* scope)
-    : JSNonFinalObject(vm, structure)
+DebuggerScope::DebuggerScope(VM& vm, JSScope* scope)
+    : JSNonFinalObject(vm, scope->globalObject()->debuggerScopeStructure())
 {
     ASSERT(scope);
     m_scope.set(vm, this, scope);
index e1e8d02..e34f497 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2009, 2014, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2009, 2014 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -38,7 +38,12 @@ public:
     typedef JSNonFinalObject Base;
     static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
 
-    JS_EXPORT_PRIVATE static DebuggerScope* create(VM& vm, JSScope* scope);
+    static DebuggerScope* create(VM& vm, JSScope* scope)
+    {
+        DebuggerScope* debuggerScope = new (NotNull, allocateCell<DebuggerScope>(vm.heap)) DebuggerScope(vm, scope);
+        debuggerScope->finishCreation(vm);
+        return debuggerScope;
+    }
 
     static void visitChildren(JSCell*, SlotVisitor&);
     static String className(const JSObject*);
@@ -91,8 +96,8 @@ public:
     JSValue caughtValue(ExecState*) const;
 
 private:
-    DebuggerScope(VM&, Structure*, JSScope*);
-    void finishCreation(VM&);
+    JS_EXPORT_PRIVATE DebuggerScope(VM&, JSScope*);
+    JS_EXPORT_PRIVATE void finishCreation(VM&);
 
     JSScope* jsScope() const { return m_scope.get(); }
 
index 7d9fe94..dc83dbe 100644 (file)
@@ -1866,7 +1866,7 @@ bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned clobberLimi
         }
         forNode(node).set(
             m_graph,
-            m_graph.globalObjectFor(node->origin.semantic)->typedArrayStructureConcurrently(
+            m_graph.globalObjectFor(node->origin.semantic)->typedArrayStructure(
                 node->typedArrayType()));
         break;
         
index f1944b4..b95dfa5 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -77,8 +77,6 @@ void AbstractValue::set(Graph& graph, const FrozenValue& value, StructureClobber
 
 void AbstractValue::set(Graph& graph, Structure* structure)
 {
-    RELEASE_ASSERT(structure);
-    
     m_structure = structure;
     m_arrayModes = asArrayModes(structure->indexingType());
     m_type = speculationFromStructure(structure);
index 4ea7512..162201d 100644 (file)
@@ -323,20 +323,20 @@ Structure* ArrayMode::originalArrayStructure(Graph& graph, const CodeOrigin& cod
             return globalObject->originalArrayStructureForIndexingType(ArrayWithArrayStorage);
         default:
             CRASH();
-            return nullptr;
+            return 0;
         }
     }
         
     case Array::OriginalNonArray: {
         TypedArrayType type = typedArrayType();
         if (type == NotTypedArray)
-            return nullptr;
+            return 0;
         
-        return globalObject->typedArrayStructureConcurrently(type);
+        return globalObject->typedArrayStructure(type);
     }
         
     default:
-        return nullptr;
+        return 0;
     }
 }
 
index 23db40d..1fd1151 100644 (file)
@@ -2575,9 +2575,6 @@ bool ByteCodeParser::handleTypedArrayConstructor(
     
     if (argumentCountIncludingThis != 2)
         return false;
-    
-    if (!function->globalObject()->typedArrayStructureConcurrently(type))
-        return false;
 
     insertChecks();
     set(VirtualRegister(resultOperand),
index 38ef75c..b21f4d1 100644 (file)
@@ -6763,8 +6763,7 @@ void SpeculativeJIT::compileNewTypedArray(Node* node)
 {
     JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
     TypedArrayType type = node->typedArrayType();
-    Structure* structure = globalObject->typedArrayStructureConcurrently(type);
-    RELEASE_ASSERT(structure);
+    Structure* structure = globalObject->typedArrayStructure(type);
     
     SpeculateInt32Operand size(this, node->child1());
     GPRReg sizeGPR = size.gpr();
index dfe5edb..9dcfe21 100644 (file)
@@ -3804,7 +3804,7 @@ void SpeculativeJIT::compile(Node* node)
             JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
             callOperation(
                 operationNewTypedArrayWithOneArgumentForType(node->typedArrayType()),
-                resultGPR, globalObject->typedArrayStructureConcurrently(node->typedArrayType()),
+                resultGPR, globalObject->typedArrayStructure(node->typedArrayType()),
                 argumentTagGPR, argumentPayloadGPR);
             m_jit.exceptionCheck();
             
index 696491e..12c8893 100644 (file)
@@ -3861,7 +3861,7 @@ void SpeculativeJIT::compile(Node* node)
             JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
             callOperation(
                 operationNewTypedArrayWithOneArgumentForType(node->typedArrayType()),
-                resultGPR, globalObject->typedArrayStructureConcurrently(node->typedArrayType()),
+                resultGPR, globalObject->typedArrayStructure(node->typedArrayType()),
                 argumentGPR);
             m_jit.exceptionCheck();
             
index 51cf489..d15935b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -120,7 +120,7 @@ public:
                 }
                     
                 case NewTypedArray:
-                    registerStructure(m_graph.globalObjectFor(node->origin.semantic)->typedArrayStructureConcurrently(node->typedArrayType()));
+                    registerStructure(m_graph.globalObjectFor(node->origin.semantic)->typedArrayStructure(node->typedArrayType()));
                     break;
                     
                 case ToString:
index bb2be48..ebbb76c 100644 (file)
@@ -3908,7 +3908,7 @@ private:
         
         switch (m_node->child1().useKind()) {
         case Int32Use: {
-            Structure* structure = globalObject->typedArrayStructureConcurrently(type);
+            Structure* structure = globalObject->typedArrayStructure(type);
 
             LValue size = lowInt32(m_node->child1());
 
@@ -3969,7 +3969,7 @@ private:
 
             LValue result = vmCall(
                 m_out.intPtr, m_out.operation(operationNewTypedArrayWithOneArgumentForType(type)),
-                m_callFrame, weakPointer(globalObject->typedArrayStructureConcurrently(type)), argument);
+                m_callFrame, weakPointer(globalObject->typedArrayStructure(type)), argument);
 
             setJSValue(result);
             return;
index 829f8e4..432406a 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -158,11 +158,11 @@ bool ClonedArguments::getOwnPropertySlot(JSObject* object, ExecState* exec, Prop
 
         if (isStrictMode) {
             if (ident == vm.propertyNames->callee) {
-                slot.setGetterSlot(thisObject, DontDelete | DontEnum | Accessor, thisObject->globalObject()->throwTypeErrorGetterSetter());
+                slot.setGetterSlot(thisObject, DontDelete | DontEnum | Accessor, thisObject->globalObject()->throwTypeErrorGetterSetter(vm));
                 return true;
             }
             if (ident == vm.propertyNames->caller) {
-                slot.setGetterSlot(thisObject, DontDelete | DontEnum | Accessor, thisObject->globalObject()->throwTypeErrorGetterSetter());
+                slot.setGetterSlot(thisObject, DontDelete | DontEnum | Accessor, thisObject->globalObject()->throwTypeErrorGetterSetter(vm));
                 return true;
             }
 
@@ -238,8 +238,8 @@ void ClonedArguments::materializeSpecials(ExecState* exec)
     bool isStrictMode = executable->isStrictMode();
     
     if (isStrictMode) {
-        putDirectAccessor(exec, vm.propertyNames->callee, globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
-        putDirectAccessor(exec, vm.propertyNames->caller, globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
+        putDirectAccessor(exec, vm.propertyNames->callee, globalObject()->throwTypeErrorGetterSetter(vm), DontDelete | DontEnum | Accessor);
+        putDirectAccessor(exec, vm.propertyNames->caller, globalObject()->throwTypeErrorGetterSetter(vm), DontDelete | DontEnum | Accessor);
     } else
         putDirect(vm, vm.propertyNames->callee, JSValue(m_callee.get()));
 
index ad8327a..9466809 100644 (file)
@@ -762,7 +762,7 @@ SLOW_PATH_DECL(slow_path_push_with_scope)
 
     int scopeReg = pc[3].u.operand;
     JSScope* currentScope = exec->uncheckedR(scopeReg).Register::scope();
-    RETURN(JSWithScope::create(vm, exec->lexicalGlobalObject(), newScope, currentScope));
+    RETURN(JSWithScope::create(exec, newScope, currentScope));
 }
 
 SLOW_PATH_DECL(slow_path_resolve_scope)
index 9f5d0fe..e4416a2 100644 (file)
@@ -104,7 +104,7 @@ EncodedJSValue JSC_HOST_CALL functionProtoFuncToString(ExecState* exec)
 
     if (thisValue.inherits(InternalFunction::info())) {
         InternalFunction* function = asInternalFunction(thisValue);
-        return JSValue::encode(jsMakeNontrivialString(exec, "function ", function->name(), "() {\n    [native code]\n}"));
+        return JSValue::encode(jsMakeNontrivialString(exec, "function ", function->name(exec), "() {\n    [native code]\n}"));
     }
 
     if (thisValue.isObject()) {
index 537b246..a20a563 100644 (file)
@@ -58,7 +58,7 @@ void InternalFunction::visitChildren(JSCell* cell, SlotVisitor& visitor)
     visitor.append(&thisObject->m_originalName);
 }
 
-const String& InternalFunction::name()
+const String& InternalFunction::name(ExecState*)
 {
     const String& name = m_originalName->tryGetValue();
     ASSERT(name); // m_originalName was built from a String, and hence, there is no rope to resolve.
@@ -88,7 +88,7 @@ const String InternalFunction::calculatedDisplayName(ExecState* exec)
     if (!explicitName.isEmpty())
         return explicitName;
     
-    return name();
+    return name(exec);
 }
 
 Structure* InternalFunction::createSubclassStructure(ExecState* exec, JSValue newTarget, Structure* baseClass)
index c142ef2..c9c0e89 100644 (file)
@@ -40,7 +40,7 @@ public:
 
     JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
 
-    JS_EXPORT_PRIVATE const String& name();
+    JS_EXPORT_PRIVATE const String& name(ExecState*);
     const String displayName(ExecState*);
     const String calculatedDisplayName(ExecState*);
 
index 904c855..69d80ec 100644 (file)
@@ -196,8 +196,8 @@ void JSBoundFunction::finishCreation(VM& vm, NativeExecutable* executable, int l
     Base::finishCreation(vm, executable, length, name);
     ASSERT(inherits(info()));
 
-    putDirectNonIndexAccessor(vm, vm.propertyNames->arguments, globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
-    putDirectNonIndexAccessor(vm, vm.propertyNames->caller, globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
+    putDirectNonIndexAccessor(vm, vm.propertyNames->arguments, globalObject()->throwTypeErrorGetterSetter(vm), DontDelete | DontEnum | Accessor);
+    putDirectNonIndexAccessor(vm, vm.propertyNames->caller, globalObject()->throwTypeErrorGetterSetter(vm), DontDelete | DontEnum | Accessor);
 }
 
 void JSBoundFunction::visitChildren(JSCell* cell, SlotVisitor& visitor)
index 1f33562..16811a8 100644 (file)
@@ -64,8 +64,7 @@ JSBoundSlotBaseFunction* JSBoundSlotBaseFunction::create(VM& vm, JSGlobalObject*
 {
     NativeExecutable* executable = vm.getHostFunction(boundSlotBaseFunctionCall, callHostFunctionAsConstructor, name);
 
-    Structure* structure = globalObject->boundSlotBaseFunctionStructure();
-    JSBoundSlotBaseFunction* function = new (NotNull, allocateCell<JSBoundSlotBaseFunction>(vm.heap)) JSBoundSlotBaseFunction(vm, globalObject, structure, type);
+    JSBoundSlotBaseFunction* function = new (NotNull, allocateCell<JSBoundSlotBaseFunction>(vm.heap)) JSBoundSlotBaseFunction(vm, globalObject, globalObject->boundSlotBaseFunctionStructure(), type);
 
     // Can't do this during initialization because getHostFunction might do a GC allocation.
     const char* prefix = (type == Type::Getter) ? "get " : "set ";
index fd6cd70..47ddfbd 100644 (file)
@@ -319,11 +319,11 @@ static JSValue retrieveCallerFunction(ExecState* exec, JSFunction* functionObj)
     return functor.result();
 }
 
-static GetterSetter* getThrowTypeErrorGetterSetter(JSFunction* function)
+static GetterSetter* getThrowTypeErrorGetterSetter(ExecState* exec, JSFunction* function)
 {
     return function->jsExecutable()->isClassConstructorFunction() || function->jsExecutable()->parseMode() == SourceParseMode::MethodMode
-        ? function->globalObject()->throwTypeErrorArgumentsAndCallerGetterSetter()
-        : function->globalObject()->throwTypeErrorGetterSetter();
+        ? function->globalObject()->throwTypeErrorArgumentsAndCallerGetterSetter(exec->vm())
+        : function->globalObject()->throwTypeErrorGetterSetter(exec->vm());
 }
 
 EncodedJSValue JSFunction::callerGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
@@ -375,7 +375,7 @@ bool JSFunction::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyN
         if (thisObject->jsExecutable()->isStrictMode() || thisObject->jsExecutable()->isClassConstructorFunction()) {
             bool result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
             if (!result) {
-                GetterSetter* errorGetterSetter = getThrowTypeErrorGetterSetter(thisObject);
+                GetterSetter* errorGetterSetter = getThrowTypeErrorGetterSetter(exec, thisObject);
                 thisObject->putDirectAccessor(exec, propertyName, errorGetterSetter, DontDelete | DontEnum | Accessor);
                 result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
                 ASSERT(result);
@@ -390,7 +390,7 @@ bool JSFunction::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyN
         if (thisObject->jsExecutable()->isStrictMode() || thisObject->jsExecutable()->isClassConstructorFunction()) {
             bool result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
             if (!result) {
-                GetterSetter* errorGetterSetter = getThrowTypeErrorGetterSetter(thisObject);
+                GetterSetter* errorGetterSetter = getThrowTypeErrorGetterSetter(exec, thisObject);
                 thisObject->putDirectAccessor(exec, propertyName, errorGetterSetter, DontDelete | DontEnum | Accessor);
                 result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
                 ASSERT(result);
@@ -499,7 +499,7 @@ bool JSFunction::defineOwnProperty(JSObject* object, ExecState* exec, PropertyNa
         if (thisObject->jsExecutable()->isStrictMode()) {
             PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
             if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
-                thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
+                thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorGetterSetter(exec->vm()), DontDelete | DontEnum | Accessor);
             return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
         }
         valueCheck = !descriptor.value() || sameValue(exec, descriptor.value(), retrieveArguments(exec, thisObject));
@@ -507,7 +507,7 @@ bool JSFunction::defineOwnProperty(JSObject* object, ExecState* exec, PropertyNa
         if (thisObject->jsExecutable()->isStrictMode()) {
             PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
             if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
-                thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
+                thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorGetterSetter(exec->vm()), DontDelete | DontEnum | Accessor);
             return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
         }
         valueCheck = !descriptor.value() || sameValue(exec, descriptor.value(), retrieveCallerFunction(exec, thisObject));
index f3c7c68..a2b4cb7 100644 (file)
@@ -221,9 +221,7 @@ EncodedJSValue JSC_HOST_CALL constructGenericTypedArrayView(ExecState*);
 template<typename ViewClass>
 EncodedJSValue JSC_HOST_CALL constructGenericTypedArrayView(ExecState* exec)
 {
-    InternalFunction* function = asInternalFunction(exec->callee());
-    Structure* parentStructure = function->globalObject()->typedArrayStructure(ViewClass::TypedArrayStorageType);
-    Structure* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), parentStructure);
+    Structure* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), asInternalFunction(exec->callee())->globalObject()->typedArrayStructure(ViewClass::TypedArrayStorageType));
     if (exec->hadException())
         return JSValue::encode(JSValue());
 
index 1e158af..3448f11 100644 (file)
 #include "JSWeakMap.h"
 #include "JSWeakSet.h"
 #include "JSWithScope.h"
-#include "LazyClassStructureInlines.h"
-#include "LazyPropertyInlines.h"
 #include "LegacyProfiler.h"
 #include "Lookup.h"
 #include "MapConstructor.h"
 #include "JSReplayInputs.h"
 #endif
 
-namespace JSC {
-
-static JSValue createProxyProperty(VM& vm, JSObject* object)
-{
-    JSGlobalObject* global = jsCast<JSGlobalObject*>(object);
-    return ProxyConstructor::create(vm, ProxyConstructor::createStructure(vm, global, global->functionPrototype()));
-}
-
-static JSValue createJSONProperty(VM& vm, JSObject* object)
-{
-    JSGlobalObject* global = jsCast<JSGlobalObject*>(object);
-    return JSONObject::create(vm, JSONObject::createStructure(vm, global, global->objectPrototype()));
-}
-
-static JSValue createMathProperty(VM& vm, JSObject* object)
-{
-    JSGlobalObject* global = jsCast<JSGlobalObject*>(object);
-    return MathObject::create(vm, global, MathObject::createStructure(vm, global, global->objectPrototype()));
-}
-
-} // namespace JSC
-
 #include "JSGlobalObject.lut.h"
 
 namespace JSC {
@@ -206,39 +182,15 @@ const GlobalObjectMethodTable JSGlobalObject::s_globalObjectMethodTable = { &all
 
 /* Source for JSGlobalObject.lut.h
 @begin globalObjectTable
-  parseFloat            globalFuncParseFloat                         DontEnum|Function 1
-  isNaN                 globalFuncIsNaN                              DontEnum|Function 1
-  isFinite              globalFuncIsFinite                           DontEnum|Function 1
-  escape                globalFuncEscape                             DontEnum|Function 1
-  unescape              globalFuncUnescape                           DontEnum|Function 1
-  decodeURI             globalFuncDecodeURI                          DontEnum|Function 1
-  decodeURIComponent    globalFuncDecodeURIComponent                 DontEnum|Function 1
-  encodeURI             globalFuncEncodeURI                          DontEnum|Function 1
-  encodeURIComponent    globalFuncEncodeURIComponent                 DontEnum|Function 1
-  EvalError             JSGlobalObject::m_evalErrorConstructor       DontEnum|CellProperty
-  ReferenceError        JSGlobalObject::m_referenceErrorConstructor  DontEnum|CellProperty
-  SyntaxError           JSGlobalObject::m_syntaxErrorConstructor     DontEnum|CellProperty
-  URIError              JSGlobalObject::m_URIErrorConstructor        DontEnum|CellProperty
-  Proxy                 createProxyProperty                          DontEnum|PropertyCallback
-  JSON                  createJSONProperty                           DontEnum|PropertyCallback
-  Math                  createMathProperty                           DontEnum|PropertyCallback
-  Int8Array             JSGlobalObject::m_typedArrayInt8             DontEnum|ClassStructure
-  Int16Array            JSGlobalObject::m_typedArrayInt16            DontEnum|ClassStructure
-  Int32Array            JSGlobalObject::m_typedArrayInt32            DontEnum|ClassStructure
-  Uint8Array            JSGlobalObject::m_typedArrayUint8            DontEnum|ClassStructure
-  Uint8ClampedArray     JSGlobalObject::m_typedArrayUint8Clamped     DontEnum|ClassStructure
-  Uint16Array           JSGlobalObject::m_typedArrayUint16           DontEnum|ClassStructure
-  Uint32Array           JSGlobalObject::m_typedArrayUint32           DontEnum|ClassStructure
-  Float32Array          JSGlobalObject::m_typedArrayFloat32          DontEnum|ClassStructure
-  Float64Array          JSGlobalObject::m_typedArrayFloat64          DontEnum|ClassStructure
-  DataView              JSGlobalObject::m_typedArrayDataView         DontEnum|ClassStructure
-  Set                   JSGlobalObject::m_setStructure               DontEnum|ClassStructure
-  Map                   JSGlobalObject::m_mapStructure               DontEnum|ClassStructure
-  Date                  JSGlobalObject::m_dateStructure              DontEnum|ClassStructure
-  Boolean               JSGlobalObject::m_booleanObjectStructure     DontEnum|ClassStructure
-  Number                JSGlobalObject::m_numberObjectStructure      DontEnum|ClassStructure
-  WeakMap               JSGlobalObject::m_weakMapStructure           DontEnum|ClassStructure
-  WeakSet               JSGlobalObject::m_weakSetStructure           DontEnum|ClassStructure
+  parseFloat            globalFuncParseFloat            DontEnum|Function 1
+  isNaN                 globalFuncIsNaN                 DontEnum|Function 1
+  isFinite              globalFuncIsFinite              DontEnum|Function 1
+  escape                globalFuncEscape                DontEnum|Function 1
+  unescape              globalFuncUnescape              DontEnum|Function 1
+  decodeURI             globalFuncDecodeURI             DontEnum|Function 1
+  decodeURIComponent    globalFuncDecodeURIComponent    DontEnum|Function 1
+  encodeURI             globalFuncEncodeURI             DontEnum|Function 1
+  encodeURIComponent    globalFuncEncodeURIComponent    DontEnum|Function 1
 @end
 */
 
@@ -339,55 +291,22 @@ void JSGlobalObject::init(VM& vm)
     exec->setCallee(m_globalCallee.get());
 
     m_functionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
-    m_boundSlotBaseFunctionStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(JSBoundSlotBaseFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()));
-        });
-    m_boundFunctionStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(JSBoundFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()));
-        });
+    m_boundSlotBaseFunctionStructure.set(vm, this, JSBoundSlotBaseFunction::createStructure(vm, this, m_functionPrototype.get()));
+    m_boundFunctionStructure.set(vm, this, JSBoundFunction::createStructure(vm, this, m_functionPrototype.get()));
     m_getterSetterStructure.set(vm, this, GetterSetter::createStructure(vm, this, jsNull()));
-    m_nativeStdFunctionStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(JSNativeStdFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()));
-        });
-    m_namedFunctionStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(Structure::addPropertyTransition(init.vm, init.owner->m_functionStructure.get(), init.vm.propertyNames->name, DontDelete | ReadOnly | DontEnum, init.owner->m_functionNameOffset));
-        });
+    m_nativeStdFunctionStructure.set(vm, this, JSNativeStdFunction::createStructure(vm, this, m_functionPrototype.get()));
+    m_namedFunctionStructure.set(vm, this, Structure::addPropertyTransition(vm, m_functionStructure.get(), vm.propertyNames->name, DontDelete | ReadOnly | DontEnum, m_functionNameOffset));
+    m_internalFunctionStructure.set(vm, this, InternalFunction::createStructure(vm, this, m_functionPrototype.get()));
     JSFunction* callFunction = 0;
     JSFunction* applyFunction = 0;
     JSFunction* hasInstanceSymbolFunction = 0;
     m_functionPrototype->addFunctionProperties(exec, this, &callFunction, &applyFunction, &hasInstanceSymbolFunction);
     m_callFunction.set(vm, this, callFunction);
     m_applyFunction.set(vm, this, applyFunction);
-    m_arrayProtoValuesFunction.initLater(
-        [] (const Initializer<JSFunction>& init) {
-            init.set(JSFunction::create(init.vm, init.owner, 0, init.vm.propertyNames->values.string(), arrayProtoFuncValues));
-        });
-    m_initializePromiseFunction.initLater(
-        [] (const Initializer<JSFunction>& init) {
-            init.set(JSFunction::createBuiltinFunction(init.vm, promiseOperationsInitializePromiseCodeGenerator(init.vm), init.owner));
-        });
+    m_arrayProtoValuesFunction.set(vm, this, JSFunction::create(vm, this, 0, vm.propertyNames->values.string(), arrayProtoFuncValues));
+    m_initializePromiseFunction.set(vm, this, JSFunction::createBuiltinFunction(vm, promiseOperationsInitializePromiseCodeGenerator(vm), this));
     m_newPromiseCapabilityFunction.set(vm, this, JSFunction::createBuiltinFunction(vm, promiseOperationsNewPromiseCapabilityCodeGenerator(vm), this));
     m_functionProtoHasInstanceSymbolFunction.set(vm, this, hasInstanceSymbolFunction);
-    m_throwTypeErrorGetterSetter.initLater(
-        [] (const Initializer<GetterSetter>& init) {
-            JSFunction* thrower = JSFunction::create(init.vm, init.owner, 0, String(), globalFuncThrowTypeError);
-            GetterSetter* getterSetter = GetterSetter::create(init.vm, init.owner);
-            getterSetter->setGetter(init.vm, init.owner, thrower);
-            getterSetter->setSetter(init.vm, init.owner, thrower);
-            init.set(getterSetter);
-        });
-    m_throwTypeErrorArgumentsAndCallerGetterSetter.initLater(
-        [] (const Initializer<GetterSetter>& init) {
-            JSFunction* thrower = JSFunction::create(init.vm, init.owner, 0, String(), globalFuncThrowTypeErrorArgumentsAndCaller);
-            GetterSetter* getterSetter = GetterSetter::create(init.vm, init.owner);
-            getterSetter->setGetter(init.vm, init.owner, thrower);
-            getterSetter->setSetter(init.vm, init.owner, thrower);
-            init.set(getterSetter);
-        });
     m_nullGetterFunction.set(vm, this, NullGetterFunction::create(vm, NullGetterFunction::createStructure(vm, this, m_functionPrototype.get())));
     m_nullSetterFunction.set(vm, this, NullSetterFunction::create(vm, NullSetterFunction::createStructure(vm, this, m_functionPrototype.get())));
     m_objectPrototype.set(vm, this, ObjectPrototype::create(vm, this, ObjectPrototype::createStructure(vm, this, jsNull())));
@@ -397,87 +316,48 @@ void JSGlobalObject::init(VM& vm)
     m_objectPrototype->putDirectNonIndexAccessor(vm, vm.propertyNames->underscoreProto, protoAccessor, Accessor | DontEnum);
     m_functionPrototype->structure()->setPrototypeWithoutTransition(vm, m_objectPrototype.get());
 
-    m_speciesGetterSetter.set(vm, this, GetterSetter::create(vm, this));
-    m_speciesGetterSetter->setGetter(vm, this, JSFunction::createBuiltinFunction(vm, globalObjectSpeciesGetterCodeGenerator(vm), this, "get [Symbol.species]"));
-
-    m_typedArrayProto.initLater(
-        [] (const Initializer<JSTypedArrayViewPrototype>& init) {
-            init.set(JSTypedArrayViewPrototype::create(init.vm, init.owner, JSTypedArrayViewPrototype::createStructure(init.vm, init.owner, init.owner->m_objectPrototype.get())));
-            
-            // Make sure that the constructor gets initialized, too.
-            init.owner->m_typedArraySuperConstructor.get(init.owner);
-        });
-    m_typedArraySuperConstructor.initLater(
-        [] (const Initializer<JSTypedArrayViewConstructor>& init) {
-            JSTypedArrayViewPrototype* prototype = init.owner->m_typedArrayProto.get(init.owner);
-            JSTypedArrayViewConstructor* constructor = JSTypedArrayViewConstructor::create(init.vm, init.owner, JSTypedArrayViewConstructor::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()), prototype, init.owner->m_speciesGetterSetter.get());
-            prototype->putDirectWithoutTransition(init.vm, init.vm.propertyNames->constructor, constructor, DontEnum);
-            init.set(constructor);
-        });
-    
-#define INIT_TYPED_ARRAY_LATER(type) \
-    m_typedArray ## type.initLater( \
-        [] (LazyClassStructure::Initializer& init) { \
-            init.setPrototype(JS ## type ## ArrayPrototype::create(init.vm, init.global, JS ## type ## ArrayPrototype::createStructure(init.vm, init.global, init.global->m_typedArrayProto.get(init.global)))); \
-            init.setStructure(JS ## type ## Array::createStructure(init.vm, init.global, init.prototype)); \
-            init.setConstructor(JS ## type ## ArrayConstructor::create(init.vm, init.global, JS ## type ## ArrayConstructor::createStructure(init.vm, init.global, init.global->m_typedArraySuperConstructor.get(init.global)), init.prototype, ASCIILiteral(#type "Array"), typedArrayConstructorAllocate ## type ## ArrayCodeGenerator(init.vm))); \
-            init.global->putDirectWithoutTransition(init.vm, init.vm.propertyNames->type ## ArrayPrivateName, init.constructor, DontEnum); \
-        });
-    FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(INIT_TYPED_ARRAY_LATER)
-#undef INIT_TYPED_ARRAY_LATER
+    JSTypedArrayViewPrototype* typedArrayProto = JSTypedArrayViewPrototype::create(vm, this, JSTypedArrayViewPrototype::createStructure(vm, this, m_objectPrototype.get()));
+
+    m_typedArrays[toIndex(TypeInt8)].prototype.set(vm, this, JSInt8ArrayPrototype::create(vm, this, JSInt8ArrayPrototype::createStructure(vm, this, typedArrayProto)));
+    m_typedArrays[toIndex(TypeInt16)].prototype.set(vm, this, JSInt16ArrayPrototype::create(vm, this, JSInt16ArrayPrototype::createStructure(vm, this, typedArrayProto)));
+    m_typedArrays[toIndex(TypeInt32)].prototype.set(vm, this, JSInt32ArrayPrototype::create(vm, this, JSInt32ArrayPrototype::createStructure(vm, this, typedArrayProto)));
+    m_typedArrays[toIndex(TypeUint8)].prototype.set(vm, this, JSUint8ArrayPrototype::create(vm, this, JSUint8ArrayPrototype::createStructure(vm, this, typedArrayProto)));
+    m_typedArrays[toIndex(TypeUint8Clamped)].prototype.set(vm, this, JSUint8ClampedArrayPrototype::create(vm, this, JSUint8ClampedArrayPrototype::createStructure(vm, this, typedArrayProto)));
+    m_typedArrays[toIndex(TypeUint16)].prototype.set(vm, this, JSUint16ArrayPrototype::create(vm, this, JSUint16ArrayPrototype::createStructure(vm, this, typedArrayProto)));
+    m_typedArrays[toIndex(TypeUint32)].prototype.set(vm, this, JSUint32ArrayPrototype::create(vm, this, JSUint32ArrayPrototype::createStructure(vm, this, typedArrayProto)));
+    m_typedArrays[toIndex(TypeFloat32)].prototype.set(vm, this, JSFloat32ArrayPrototype::create(vm, this, JSFloat32ArrayPrototype::createStructure(vm, this, typedArrayProto)));
+    m_typedArrays[toIndex(TypeFloat64)].prototype.set(vm, this, JSFloat64ArrayPrototype::create(vm, this, JSFloat64ArrayPrototype::createStructure(vm, this, typedArrayProto)));
+    m_typedArrays[toIndex(TypeDataView)].prototype.set(vm, this, JSDataViewPrototype::create(vm, JSDataViewPrototype::createStructure(vm, this, m_objectPrototype.get())));
     
-    m_typedArrayDataView.initLater(
-        [] (LazyClassStructure::Initializer& init) {
-            init.setPrototype(JSDataViewPrototype::create(init.vm, JSDataViewPrototype::createStructure(init.vm, init.global, init.global->m_objectPrototype.get())));
-            init.setStructure(JSDataView::createStructure(init.vm, init.global, init.prototype));
-            init.setConstructor(JSDataViewConstructor::create(init.vm, init.global, JSDataViewConstructor::createStructure(init.vm, init.global, init.global->m_functionPrototype.get()), init.prototype, ASCIILiteral("DataView"), nullptr));
-        });
+    m_typedArrays[toIndex(TypeInt8)].structure.set(vm, this, JSInt8Array::createStructure(vm, this, m_typedArrays[toIndex(TypeInt8)].prototype.get()));
+    m_typedArrays[toIndex(TypeInt16)].structure.set(vm, this, JSInt16Array::createStructure(vm, this, m_typedArrays[toIndex(TypeInt16)].prototype.get()));
+    m_typedArrays[toIndex(TypeInt32)].structure.set(vm, this, JSInt32Array::createStructure(vm, this, m_typedArrays[toIndex(TypeInt32)].prototype.get()));
+    m_typedArrays[toIndex(TypeUint8)].structure.set(vm, this, JSUint8Array::createStructure(vm, this, m_typedArrays[toIndex(TypeUint8)].prototype.get()));
+    m_typedArrays[toIndex(TypeUint8Clamped)].structure.set(vm, this, JSUint8ClampedArray::createStructure(vm, this, m_typedArrays[toIndex(TypeUint8Clamped)].prototype.get()));
+    m_typedArrays[toIndex(TypeUint16)].structure.set(vm, this, JSUint16Array::createStructure(vm, this, m_typedArrays[toIndex(TypeUint16)].prototype.get()));
+    m_typedArrays[toIndex(TypeUint32)].structure.set(vm, this, JSUint32Array::createStructure(vm, this, m_typedArrays[toIndex(TypeUint32)].prototype.get()));
+    m_typedArrays[toIndex(TypeFloat32)].structure.set(vm, this, JSFloat32Array::createStructure(vm, this, m_typedArrays[toIndex(TypeFloat32)].prototype.get()));
+    m_typedArrays[toIndex(TypeFloat64)].structure.set(vm, this, JSFloat64Array::createStructure(vm, this, m_typedArrays[toIndex(TypeFloat64)].prototype.get()));
+    m_typedArrays[toIndex(TypeDataView)].structure.set(vm, this, JSDataView::createStructure(vm, this, m_typedArrays[toIndex(TypeDataView)].prototype.get()));
     
     m_lexicalEnvironmentStructure.set(vm, this, JSLexicalEnvironment::createStructure(vm, this));
-    m_moduleEnvironmentStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(JSModuleEnvironment::createStructure(init.vm, init.owner));
-        });
+    m_moduleEnvironmentStructure.set(vm, this, JSModuleEnvironment::createStructure(vm, this));
     m_strictEvalActivationStructure.set(vm, this, StrictEvalActivation::createStructure(vm, this, jsNull()));
-    m_debuggerScopeStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(DebuggerScope::createStructure(init.vm, init.owner));
-        });
-    m_withScopeStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(JSWithScope::createStructure(init.vm, init.owner, jsNull()));
-        });
+    m_debuggerScopeStructure.set(m_vm, this, DebuggerScope::createStructure(m_vm, this));
+    m_withScopeStructure.set(vm, this, JSWithScope::createStructure(vm, this, jsNull()));
     
-    m_nullPrototypeObjectStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(JSFinalObject::createStructure(init.vm, init.owner, jsNull(), JSFinalObject::defaultInlineCapacity()));
-        });
+    m_nullPrototypeObjectStructure.set(vm, this, JSFinalObject::createStructure(vm, this, jsNull(), JSFinalObject::defaultInlineCapacity()));
     
-    m_callbackFunctionStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(JSCallbackFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()));
-        });
+    m_callbackFunctionStructure.set(vm, this, JSCallbackFunction::createStructure(vm, this, m_functionPrototype.get()));
     m_directArgumentsStructure.set(vm, this, DirectArguments::createStructure(vm, this, m_objectPrototype.get()));
     m_scopedArgumentsStructure.set(vm, this, ScopedArguments::createStructure(vm, this, m_objectPrototype.get()));
     m_clonedArgumentsStructure.set(vm, this, ClonedArguments::createStructure(vm, this, m_objectPrototype.get()));
-    m_callbackConstructorStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(JSCallbackConstructor::createStructure(init.vm, init.owner, init.owner->m_objectPrototype.get()));
-        });
-    m_callbackObjectStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(JSCallbackObject<JSDestructibleObject>::createStructure(init.vm, init.owner, init.owner->m_objectPrototype.get()));
-        });
+    m_callbackConstructorStructure.set(vm, this, JSCallbackConstructor::createStructure(vm, this, m_objectPrototype.get()));
+    m_callbackObjectStructure.set(vm, this, JSCallbackObject<JSDestructibleObject>::createStructure(vm, this, m_objectPrototype.get()));
 
 #if JSC_OBJC_API_ENABLED
-    m_objcCallbackFunctionStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(ObjCCallbackFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()));
-        });
-    m_objcWrapperObjectStructure.initLater(
-        [] (const Initializer<Structure>& init) {
-            init.set(JSCallbackObject<JSAPIWrapperObject>::createStructure(init.vm, init.owner, init.owner->m_objectPrototype.get()));
-        });
+    m_objcCallbackFunctionStructure.set(vm, this, ObjCCallbackFunction::createStructure(vm, this, m_functionPrototype.get()));
+    m_objcWrapperObjectStructure.set(vm, this, JSCallbackObject<JSAPIWrapperObject>::createStructure(vm, this, m_objectPrototype.get()));
 #endif
     
     m_arrayPrototype.set(vm, this, ArrayPrototype::create(vm, this, ArrayPrototype::createStructure(vm, this, m_objectPrototype.get())));
@@ -521,34 +401,23 @@ m_ ## properName ## Structure.set(vm, this, instanceType::createStructure(vm, th
     
 #undef CREATE_PROTOTYPE_FOR_SIMPLE_TYPE
 
-#define CREATE_PROTOTYPE_FOR_LAZY_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
-    m_ ## properName ## Structure.initLater(\
-        [] (LazyClassStructure::Initializer& init) { \
-            init.setPrototype(capitalName##Prototype::create(init.vm, init.global, capitalName##Prototype::createStructure(init.vm, init.global, init.global->m_objectPrototype.get()))); \
-            init.setStructure(instanceType::createStructure(init.vm, init.global, init.prototype)); \
-            init.setConstructor(capitalName ## Constructor::create(init.vm, capitalName ## Constructor::createStructure(init.vm, init.global, init.global->m_functionPrototype.get()), jsCast<capitalName ## Prototype*>(init.prototype), init.global->m_speciesGetterSetter.get())); \
-        });
-    
-    FOR_EACH_LAZY_BUILTIN_TYPE(CREATE_PROTOTYPE_FOR_LAZY_TYPE)
-    
-#undef CREATE_PROTOTYPE_FOR_LAZY_TYPE
-    
     m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get())));
 
 #define CREATE_PROTOTYPE_FOR_DERIVED_ITERATOR_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
-    m_ ## lowerName ## Structure.initLater( \
-        [] (const Initializer<Structure>& init) { \
-            JSObject* prototype = capitalName ## Prototype::create(init.vm, init.owner, capitalName ## Prototype::createStructure(init.vm, init.owner, init.owner->m_iteratorPrototype.get())); \
-            init.set(instanceType::createStructure(init.vm, init.owner, prototype)); \
-        });
+m_ ## lowerName ## Prototype.set(vm, this, capitalName##Prototype::create(vm, this, capitalName##Prototype::createStructure(vm, this, m_iteratorPrototype.get()))); \
+m_ ## properName ## Structure.set(vm, this, instanceType::createStructure(vm, this, m_ ## lowerName ## Prototype.get()));
+    
     FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(CREATE_PROTOTYPE_FOR_DERIVED_ITERATOR_TYPE)
-#undef CREATE_PROTOTYPE_FOR_DERIVED_ITERATOR_TYPE
-
     m_propertyNameIteratorStructure.set(vm, this, JSPropertyNameIterator::createStructure(vm, this, m_iteratorPrototype.get()));
     m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get())));
     
+#undef CREATE_PROTOTYPE_FOR_DERIVED_ITERATOR_TYPE
+
     // Constructors
 
+    GetterSetter* speciesGetterSetter = GetterSetter::create(vm, this);
+    speciesGetterSetter->setGetter(vm, this, JSFunction::createBuiltinFunction(vm, globalObjectSpeciesGetterCodeGenerator(vm), this, "get [Symbol.species]"));
+
     ObjectConstructor* objectConstructor = ObjectConstructor::create(vm, this, ObjectConstructor::createStructure(vm, this, m_functionPrototype.get()), m_objectPrototype.get());
     m_objectConstructor.set(vm, this, objectConstructor);
 
@@ -556,42 +425,30 @@ m_ ## properName ## Structure.set(vm, this, instanceType::createStructure(vm, th
     m_definePropertyFunction.set(vm, this, definePropertyFunction);
 
     JSCell* functionConstructor = FunctionConstructor::create(vm, FunctionConstructor::createStructure(vm, this, m_functionPrototype.get()), m_functionPrototype.get());
-    JSObject* arrayConstructor = ArrayConstructor::create(vm, this, ArrayConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayPrototype.get(), m_speciesGetterSetter.get());
+    JSObject* arrayConstructor = ArrayConstructor::create(vm, this, ArrayConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayPrototype.get(), speciesGetterSetter);
     
-    m_regExpConstructor.set(vm, this, RegExpConstructor::create(vm, RegExpConstructor::createStructure(vm, this, m_functionPrototype.get()), m_regExpPrototype.get(), m_speciesGetterSetter.get()));
+    m_regExpConstructor.set(vm, this, RegExpConstructor::create(vm, RegExpConstructor::createStructure(vm, this, m_functionPrototype.get()), m_regExpPrototype.get(), speciesGetterSetter));
     
 #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
-capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \
+capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), speciesGetterSetter); \
 m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \
 
     FOR_EACH_SIMPLE_BUILTIN_TYPE(CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE)
     
 #undef CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE
-
+    
     m_errorConstructor.set(vm, this, errorConstructor);
     m_promiseConstructor.set(vm, this, promiseConstructor);
     m_internalPromiseConstructor.set(vm, this, internalPromiseConstructor);
     
-    m_nativeErrorPrototypeStructure.set(vm, this, NativeErrorPrototype::createStructure(vm, this, m_errorPrototype.get()));
-    m_nativeErrorStructure.set(vm, this, NativeErrorConstructor::createStructure(vm, this, m_functionPrototype.get()));
-    m_evalErrorConstructor.initLater(
-        [] (const Initializer<NativeErrorConstructor>& init) {
-            init.set(NativeErrorConstructor::create(init.vm, init.owner, init.owner->m_nativeErrorStructure.get(), init.owner->m_nativeErrorPrototypeStructure.get(), ASCIILiteral("EvalError")));
-        });
-    m_rangeErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, m_nativeErrorStructure.get(), m_nativeErrorPrototypeStructure.get(), ASCIILiteral("RangeError")));
-    m_referenceErrorConstructor.initLater(
-        [] (const Initializer<NativeErrorConstructor>& init) {
-            init.set(NativeErrorConstructor::create(init.vm, init.owner, init.owner->m_nativeErrorStructure.get(), init.owner->m_nativeErrorPrototypeStructure.get(), ASCIILiteral("ReferenceError")));
-        });
-    m_syntaxErrorConstructor.initLater(
-        [] (const Initializer<NativeErrorConstructor>& init) {
-            init.set(NativeErrorConstructor::create(init.vm, init.owner, init.owner->m_nativeErrorStructure.get(), init.owner->m_nativeErrorPrototypeStructure.get(), ASCIILiteral("SyntaxError")));
-        });
-    m_typeErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, m_nativeErrorStructure.get(), m_nativeErrorPrototypeStructure.get(), ASCIILiteral("TypeError")));
-    m_URIErrorConstructor.initLater(
-        [] (const Initializer<NativeErrorConstructor>& init) {
-            init.set(NativeErrorConstructor::create(init.vm, init.owner, init.owner->m_nativeErrorStructure.get(), init.owner->m_nativeErrorPrototypeStructure.get(), ASCIILiteral("URIError")));
-        });
+    Structure* nativeErrorPrototypeStructure = NativeErrorPrototype::createStructure(vm, this, m_errorPrototype.get());
+    Structure* nativeErrorStructure = NativeErrorConstructor::createStructure(vm, this, m_functionPrototype.get());
+    m_evalErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("EvalError")));
+    m_rangeErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("RangeError")));
+    m_referenceErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("ReferenceError")));
+    m_syntaxErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("SyntaxError")));
+    m_typeErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("TypeError")));
+    m_URIErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("URIError")));
 
     m_generatorFunctionPrototype.set(vm, this, GeneratorFunctionPrototype::create(vm, GeneratorFunctionPrototype::createStructure(vm, this, m_functionPrototype.get())));
     GeneratorFunctionConstructor* generatorFunctionConstructor = GeneratorFunctionConstructor::create(vm, GeneratorFunctionConstructor::createStructure(vm, this, functionConstructor), m_generatorFunctionPrototype.get());
@@ -610,12 +467,16 @@ m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->c
     putDirectWithoutTransition(vm, vm.propertyNames->Function, functionConstructor, DontEnum);
     putDirectWithoutTransition(vm, vm.propertyNames->Array, arrayConstructor, DontEnum);
     putDirectWithoutTransition(vm, vm.propertyNames->RegExp, m_regExpConstructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->EvalError, m_evalErrorConstructor.get(), DontEnum);
     putDirectWithoutTransition(vm, vm.propertyNames->RangeError, m_rangeErrorConstructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->ReferenceError, m_referenceErrorConstructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->SyntaxError, m_syntaxErrorConstructor.get(), DontEnum);
     putDirectWithoutTransition(vm, vm.propertyNames->TypeError, m_typeErrorConstructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->URIError, m_URIErrorConstructor.get(), DontEnum);
 
-    putDirectWithoutTransition(vm, vm.propertyNames->ObjectPrivateName, objectConstructor, DontEnum | DontDelete | ReadOnly);
-    putDirectWithoutTransition(vm, vm.propertyNames->ArrayPrivateName, arrayConstructor, DontEnum | DontDelete | ReadOnly);
-
+    putDirectWithoutTransition(vm, vm.propertyNames->Proxy, ProxyConstructor::create(vm, ProxyConstructor::createStructure(vm, this, m_functionPrototype.get())), DontEnum);
+    
+    
 #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
 putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \
 
@@ -631,11 +492,42 @@ putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Construct
     IntlObject* intl = IntlObject::create(vm, this, IntlObject::createStructure(vm, this, m_objectPrototype.get()));
     putDirectWithoutTransition(vm, vm.propertyNames->Intl, intl, DontEnum);
 #endif // ENABLE(INTL)
+    putDirectWithoutTransition(vm, vm.propertyNames->JSON, JSONObject::create(vm, JSONObject::createStructure(vm, this, m_objectPrototype.get())), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->Math, MathObject::create(vm, this, MathObject::createStructure(vm, this, m_objectPrototype.get())), DontEnum);
     ReflectObject* reflectObject = ReflectObject::create(vm, this, ReflectObject::createStructure(vm, this, m_objectPrototype.get()));
     putDirectWithoutTransition(vm, vm.propertyNames->Reflect, reflectObject, DontEnum);
 
     putDirectWithoutTransition(vm, vm.propertyNames->console, ConsoleObject::create(vm, this, ConsoleObject::createStructure(vm, this, m_objectPrototype.get())), DontEnum);
 
+    JSTypedArrayViewConstructor* typedArraySuperConstructor = JSTypedArrayViewConstructor::create(vm, this, JSTypedArrayViewConstructor::createStructure(vm, this, m_functionPrototype.get()), typedArrayProto, speciesGetterSetter);
+    typedArrayProto->putDirectWithoutTransition(vm, vm.propertyNames->constructor, typedArraySuperConstructor, DontEnum);
+
+    m_typedArrays[toIndex(TypeInt8)].constructor.set(vm , this, JSInt8ArrayConstructor::create(vm, this, JSInt8ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeInt8)].prototype.get(), ASCIILiteral("Int8Array"), typedArrayConstructorAllocateInt8ArrayCodeGenerator(vm)));
+    m_typedArrays[toIndex(TypeInt16)].constructor.set(vm, this, JSInt16ArrayConstructor::create(vm, this, JSInt16ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeInt16)].prototype.get(), ASCIILiteral("Int16Array"), typedArrayConstructorAllocateInt16ArrayCodeGenerator(vm)));
+    m_typedArrays[toIndex(TypeInt32)].constructor.set(vm, this, JSInt32ArrayConstructor::create(vm, this, JSInt32ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeInt32)].prototype.get(), ASCIILiteral("Int32Array"), typedArrayConstructorAllocateInt32ArrayCodeGenerator(vm)));
+    m_typedArrays[toIndex(TypeUint8)].constructor.set(vm, this, JSUint8ArrayConstructor::create(vm, this, JSUint8ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeUint8)].prototype.get(), ASCIILiteral("Uint8Array"), typedArrayConstructorAllocateUint8ArrayCodeGenerator(vm)));
+    m_typedArrays[toIndex(TypeUint8Clamped)].constructor.set(vm, this, JSUint8ClampedArrayConstructor::create(vm, this, JSUint8ClampedArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeUint8Clamped)].prototype.get(), ASCIILiteral("Uint8ClampedArray"), typedArrayConstructorAllocateUint8ClampedArrayCodeGenerator(vm)));
+    m_typedArrays[toIndex(TypeUint16)].constructor.set(vm, this, JSUint16ArrayConstructor::create(vm, this, JSUint16ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeUint16)].prototype.get(), ASCIILiteral("Uint16Array"), typedArrayConstructorAllocateUint16ArrayCodeGenerator(vm)));
+    m_typedArrays[toIndex(TypeUint32)].constructor.set(vm, this, JSUint32ArrayConstructor::create(vm, this, JSUint32ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeUint32)].prototype.get(), ASCIILiteral("Uint32Array"), typedArrayConstructorAllocateUint32ArrayCodeGenerator(vm)));
+    m_typedArrays[toIndex(TypeFloat32)].constructor.set(vm, this, JSFloat32ArrayConstructor::create(vm, this, JSFloat32ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeFloat32)].prototype.get(), ASCIILiteral("Float32Array"), typedArrayConstructorAllocateFloat32ArrayCodeGenerator(vm)));
+    m_typedArrays[toIndex(TypeFloat64)].constructor.set(vm, this, JSFloat64ArrayConstructor::create(vm, this, JSFloat64ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeFloat64)].prototype.get(), ASCIILiteral("Float64Array"), typedArrayConstructorAllocateFloat64ArrayCodeGenerator(vm)));
+    m_typedArrays[toIndex(TypeDataView)].constructor.set(vm, this, JSDataViewConstructor::create(vm, this, JSDataViewConstructor::createStructure(vm, this, m_functionPrototype.get()), m_typedArrays[toIndex(TypeDataView)].prototype.get(), ASCIILiteral("DataView"), nullptr));
+    
+    for (unsigned typedArrayIndex = NUMBER_OF_TYPED_ARRAY_TYPES; typedArrayIndex--;) {
+        m_typedArrays[typedArrayIndex].prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, m_typedArrays[typedArrayIndex].constructor.get(), DontEnum);
+        putDirectWithoutTransition(vm, Identifier::fromString(exec, m_typedArrays[typedArrayIndex].constructor.get()->name(exec)), m_typedArrays[typedArrayIndex].constructor.get(), DontEnum);
+    }
+
+    putDirectWithoutTransition(vm, vm.propertyNames->Int8ArrayPrivateName, m_typedArrays[toIndex(TypeInt8)].constructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->Int16ArrayPrivateName, m_typedArrays[toIndex(TypeInt16)].constructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->Int32ArrayPrivateName, m_typedArrays[toIndex(TypeInt32)].constructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->Uint8ArrayPrivateName, m_typedArrays[toIndex(TypeUint8)].constructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->Uint8ClampedArrayPrivateName, m_typedArrays[toIndex(TypeUint8Clamped)].constructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->Uint16ArrayPrivateName, m_typedArrays[toIndex(TypeUint16)].constructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->Uint32ArrayPrivateName, m_typedArrays[toIndex(TypeUint32)].constructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->Float32ArrayPrivateName, m_typedArrays[toIndex(TypeFloat32)].constructor.get(), DontEnum);
+    putDirectWithoutTransition(vm, vm.propertyNames->Float64ArrayPrivateName, m_typedArrays[toIndex(TypeFloat64)].constructor.get(), DontEnum);
+
     m_moduleLoader.set(vm, this, ModuleLoaderObject::create(vm, this, ModuleLoaderObject::createStructure(vm, this, m_objectPrototype.get())));
     if (Options::exposeInternalModuleLoader())
         putDirectWithoutTransition(vm, vm.propertyNames->Loader, m_moduleLoader.get(), DontEnum);
@@ -988,6 +880,24 @@ bool JSGlobalObject::stringPrototypeChainIsSane()
         && objectPrototypeIsSane();
 }
 
+void JSGlobalObject::createThrowTypeError(VM& vm)
+{
+    JSFunction* thrower = JSFunction::create(vm, this, 0, String(), globalFuncThrowTypeError);
+    GetterSetter* getterSetter = GetterSetter::create(vm, this);
+    getterSetter->setGetter(vm, this, thrower);
+    getterSetter->setSetter(vm, this, thrower);
+    m_throwTypeErrorGetterSetter.set(vm, this, getterSetter);
+}
+
+void JSGlobalObject::createThrowTypeErrorArgumentsAndCaller(VM& vm)
+{
+    JSFunction* thrower = JSFunction::create(vm, this, 0, String(), globalFuncThrowTypeErrorArgumentsAndCaller);
+    GetterSetter* getterSetter = GetterSetter::create(vm, this);
+    getterSetter->setGetter(vm, this, thrower);
+    getterSetter->setSetter(vm, this, thrower);
+    m_throwTypeErrorArgumentsAndCallerGetterSetter.set(vm, this, getterSetter);
+}
+
 // Set prototype, and also insert the object prototype at the end of the chain.
 void JSGlobalObject::resetPrototype(VM& vm, JSValue prototype)
 {
@@ -1014,16 +924,15 @@ void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
     visitor.append(&thisObject->m_globalCallee);
     visitor.append(&thisObject->m_regExpConstructor);
     visitor.append(&thisObject->m_errorConstructor);
-    visitor.append(&thisObject->m_nativeErrorPrototypeStructure);
-    visitor.append(&thisObject->m_nativeErrorStructure);
-    thisObject->m_evalErrorConstructor.visit(visitor);
+    visitor.append(&thisObject->m_evalErrorConstructor);
     visitor.append(&thisObject->m_rangeErrorConstructor);
-    thisObject->m_referenceErrorConstructor.visit(visitor);
-    thisObject->m_syntaxErrorConstructor.visit(visitor);
+    visitor.append(&thisObject->m_referenceErrorConstructor);
+    visitor.append(&thisObject->m_syntaxErrorConstructor);
     visitor.append(&thisObject->m_typeErrorConstructor);
-    thisObject->m_URIErrorConstructor.visit(visitor);
+    visitor.append(&thisObject->m_URIErrorConstructor);
     visitor.append(&thisObject->m_objectConstructor);
     visitor.append(&thisObject->m_promiseConstructor);
+    visitor.append(&thisObject->m_internalPromiseConstructor);
 
     visitor.append(&thisObject->m_nullGetterFunction);
     visitor.append(&thisObject->m_nullSetterFunction);
@@ -1033,12 +942,12 @@ void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
     visitor.append(&thisObject->m_callFunction);
     visitor.append(&thisObject->m_applyFunction);
     visitor.append(&thisObject->m_definePropertyFunction);
-    thisObject->m_arrayProtoValuesFunction.visit(visitor);
-    thisObject->m_initializePromiseFunction.visit(visitor);
+    visitor.append(&thisObject->m_arrayProtoValuesFunction);
+    visitor.append(&thisObject->m_initializePromiseFunction);
     visitor.append(&thisObject->m_newPromiseCapabilityFunction);
     visitor.append(&thisObject->m_functionProtoHasInstanceSymbolFunction);
-    thisObject->m_throwTypeErrorGetterSetter.visit(visitor);
-    thisObject->m_throwTypeErrorArgumentsAndCallerGetterSetter.visit(visitor);
+    visitor.append(&thisObject->m_throwTypeErrorGetterSetter);
+    visitor.append(&thisObject->m_throwTypeErrorArgumentsAndCallerGetterSetter);
     visitor.append(&thisObject->m_moduleLoader);
 
     visitor.append(&thisObject->m_objectPrototype);
@@ -1049,11 +958,11 @@ void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
     visitor.append(&thisObject->m_generatorFunctionPrototype);
     visitor.append(&thisObject->m_generatorPrototype);
 
-    thisObject->m_debuggerScopeStructure.visit(visitor);
-    thisObject->m_withScopeStructure.visit(visitor);
+    visitor.append(&thisObject->m_debuggerScopeStructure);
+    visitor.append(&thisObject->m_withScopeStructure);
     visitor.append(&thisObject->m_strictEvalActivationStructure);
     visitor.append(&thisObject->m_lexicalEnvironmentStructure);
-    thisObject->m_moduleEnvironmentStructure.visit(visitor);
+    visitor.append(&thisObject->m_moduleEnvironmentStructure);
     visitor.append(&thisObject->m_directArgumentsStructure);
     visitor.append(&thisObject->m_scopedArgumentsStructure);
     visitor.append(&thisObject->m_clonedArgumentsStructure);
@@ -1061,23 +970,24 @@ void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
         visitor.append(&thisObject->m_originalArrayStructureForIndexingShape[i]);
     for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
         visitor.append(&thisObject->m_arrayStructureForIndexingShapeDuringAllocation[i]);
-    thisObject->m_callbackConstructorStructure.visit(visitor);
-    thisObject->m_callbackFunctionStructure.visit(visitor);
-    thisObject->m_callbackObjectStructure.visit(visitor);
+    visitor.append(&thisObject->m_booleanObjectStructure);
+    visitor.append(&thisObject->m_callbackConstructorStructure);
+    visitor.append(&thisObject->m_callbackFunctionStructure);
+    visitor.append(&thisObject->m_callbackObjectStructure);
     visitor.append(&thisObject->m_propertyNameIteratorStructure);
 #if JSC_OBJC_API_ENABLED
-    thisObject->m_objcCallbackFunctionStructure.visit(visitor);
-    thisObject->m_objcWrapperObjectStructure.visit(visitor);
+    visitor.append(&thisObject->m_objcCallbackFunctionStructure);
+    visitor.append(&thisObject->m_objcWrapperObjectStructure);
 #endif
-    thisObject->m_nullPrototypeObjectStructure.visit(visitor);
+    visitor.append(&thisObject->m_nullPrototypeObjectStructure);
     visitor.append(&thisObject->m_errorStructure);
     visitor.append(&thisObject->m_calleeStructure);
     visitor.append(&thisObject->m_functionStructure);
-    thisObject->m_boundSlotBaseFunctionStructure.visit(visitor);
-    thisObject->m_boundFunctionStructure.visit(visitor);
+    visitor.append(&thisObject->m_boundSlotBaseFunctionStructure);
+    visitor.append(&thisObject->m_boundFunctionStructure);
     visitor.append(&thisObject->m_getterSetterStructure);
-    thisObject->m_nativeStdFunctionStructure.visit(visitor);
-    thisObject->m_namedFunctionStructure.visit(visitor);
+    visitor.append(&thisObject->m_nativeStdFunctionStructure);
+    visitor.append(&thisObject->m_namedFunctionStructure);
     visitor.append(&thisObject->m_symbolObjectStructure);
     visitor.append(&thisObject->m_regExpStructure);
     visitor.append(&thisObject->m_generatorFunctionStructure);
@@ -1087,6 +997,7 @@ void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
     visitor.append(&thisObject->m_moduleRecordStructure);
     visitor.append(&thisObject->m_moduleNamespaceObjectStructure);
     visitor.append(&thisObject->m_dollarVMStructure);
+    visitor.append(&thisObject->m_internalFunctionStructure);
     visitor.append(&thisObject->m_proxyObjectStructure);
     visitor.append(&thisObject->m_callableProxyObjectStructure);
     visitor.append(&thisObject->m_proxyRevokeStructure);
@@ -1099,23 +1010,15 @@ void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
     visitor.append(&thisObject->m_ ## properName ## Structure); \
 
     FOR_EACH_SIMPLE_BUILTIN_TYPE(VISIT_SIMPLE_TYPE)
+    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(VISIT_SIMPLE_TYPE)
 
 #undef VISIT_SIMPLE_TYPE
 
-#define VISIT_LAZY_TYPE(CapitalName, lowerName, properName, instanceType, jsName) \
-    thisObject->m_ ## properName ## Structure.visit(visitor);
-    
-    FOR_EACH_LAZY_BUILTIN_TYPE(VISIT_LAZY_TYPE)
-    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(VISIT_LAZY_TYPE)
-
-#undef VISIT_LAZY_TYPE
-
-    for (unsigned i = NUMBER_OF_TYPED_ARRAY_TYPES; i--;)
-        thisObject->lazyTypedArrayStructure(indexToTypedArrayType(i)).visit(visitor);
-    
-    visitor.append(&thisObject->m_speciesGetterSetter);
-    thisObject->m_typedArrayProto.visit(visitor);
-    thisObject->m_typedArraySuperConstructor.visit(visitor);
+    for (unsigned i = NUMBER_OF_TYPED_ARRAY_TYPES; i--;) {
+        visitor.append(&thisObject->m_typedArrays[i].prototype);
+        visitor.append(&thisObject->m_typedArrays[i].constructor);
+        visitor.append(&thisObject->m_typedArrays[i].structure);
+    }
 }
 
 JSValue JSGlobalObject::toThis(JSCell*, ExecState* exec, ECMAMode ecmaMode)
@@ -1157,7 +1060,7 @@ void JSGlobalObject::addStaticGlobals(GlobalPropertyInfo* globals, int count)
 bool JSGlobalObject::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
 {
     JSGlobalObject* thisObject = jsCast<JSGlobalObject*>(object);
-    if (getStaticPropertySlot<JSGlobalObject, Base>(exec, globalObjectTable, thisObject, propertyName, slot))
+    if (getStaticFunctionSlot<Base>(exec, globalObjectTable, thisObject, propertyName, slot))
         return true;
     return symbolTableGet(thisObject, propertyName, slot);
 }
index c3459ae..8bb14c3 100644 (file)
@@ -31,8 +31,6 @@
 #include "JSProxy.h"
 #include "JSSegmentedVariableObject.h"
 #include "JSWeakObjectMapRefInternal.h"
-#include "LazyProperty.h"
-#include "LazyClassStructure.h"
 #include "NumberPrototype.h"
 #include "RuntimeFlags.h"
 #include "SpecialPointer.h"
@@ -77,8 +75,6 @@ class JSPromise;
 class JSPromiseConstructor;
 class JSPromisePrototype;
 class JSStack;
-class JSTypedArrayViewConstructor;
-class JSTypedArrayViewPrototype;
 class LLIntOffsetsExtractor;
 class Microtask;
 class ModuleLoaderObject;
@@ -101,13 +97,18 @@ struct HashTable;
 #define DEFINE_STANDARD_BUILTIN(macro, upperName, lowerName) macro(upperName, lowerName, lowerName, JS ## upperName, upperName)
 
 #define FOR_EACH_SIMPLE_BUILTIN_TYPE_WITH_CONSTRUCTOR(macro) \
+    macro(Set, set, set, JSSet, Set) \
+    macro(Map, map, map, JSMap, Map) \
+    macro(Date, date, date, DateInstance, Date) \
     macro(String, string, stringObject, StringObject, String) \
     macro(Symbol, symbol, symbolObject, SymbolObject, Symbol) \
+    macro(Boolean, boolean, booleanObject, BooleanObject, Boolean) \
     macro(Number, number, numberObject, NumberObject, Number) \
     macro(Error, error, error, ErrorInstance, Error) \
-    macro(Map, map, map, JSMap, Map) \
     macro(JSPromise, promise, promise, JSPromise, Promise) \
     macro(JSArrayBuffer, arrayBuffer, arrayBuffer, JSArrayBuffer, ArrayBuffer) \
+    DEFINE_STANDARD_BUILTIN(macro, WeakMap, weakMap) \
+    DEFINE_STANDARD_BUILTIN(macro, WeakSet, weakSet) \
 
 #define FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(macro) \
     DEFINE_STANDARD_BUILTIN(macro, ArrayIterator, arrayIterator) \
@@ -123,13 +124,6 @@ struct HashTable;
     FOR_EACH_SIMPLE_BUILTIN_TYPE_WITH_CONSTRUCTOR(macro) \
     macro(JSInternalPromise, internalPromise, internalPromise, JSInternalPromise, InternalPromise) \
 
-#define FOR_EACH_LAZY_BUILTIN_TYPE(macro) \
-    macro(Set, set, set, JSSet, Set) \
-    macro(Date, date, date, DateInstance, Date) \
-    macro(Boolean, boolean, booleanObject, BooleanObject, Boolean) \
-    DEFINE_STANDARD_BUILTIN(macro, WeakMap, weakMap) \
-    DEFINE_STANDARD_BUILTIN(macro, WeakSet, weakSet) \
-
 #define DECLARE_SIMPLE_BUILTIN_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
     class JS ## capitalName; \
     class capitalName ## Prototype; \
@@ -137,15 +131,10 @@ struct HashTable;
 
 class IteratorPrototype;
 FOR_EACH_SIMPLE_BUILTIN_TYPE(DECLARE_SIMPLE_BUILTIN_TYPE)
-FOR_EACH_LAZY_BUILTIN_TYPE(DECLARE_SIMPLE_BUILTIN_TYPE)
 FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DECLARE_SIMPLE_BUILTIN_TYPE)
 
 #undef DECLARE_SIMPLE_BUILTIN_TYPE
 
-class JSInternalPromise;
-class InternalPromisePrototype;
-class InternalPromiseConstructor;
-
 typedef Vector<ExecState*, 16> ExecStateStack;
 
 struct GlobalObjectMethodTable {
@@ -208,11 +197,7 @@ private:
         OpaqueJSClassDataMap opaqueJSClassData;
     };
 
-// Our hashtable code-generator tries to access these properties, so we make them public.
-// However, we'd like it better if they could be protected.
-public:
-    template<typename T> using Initializer = typename LazyProperty<JSGlobalObject, T>::Initializer;
-    
+protected:
     Register m_globalCallFrame[JSStack::CallFrameHeaderSize];
 
     WriteBarrier<JSObject> m_globalThis;
@@ -221,14 +206,12 @@ public:
     WriteBarrier<JSObject> m_globalCallee;
     WriteBarrier<RegExpConstructor> m_regExpConstructor;
     WriteBarrier<ErrorConstructor> m_errorConstructor;
-    WriteBarrier<Structure> m_nativeErrorPrototypeStructure;
-    WriteBarrier<Structure> m_nativeErrorStructure;
-    LazyProperty<JSGlobalObject, NativeErrorConstructor> m_evalErrorConstructor;
+    WriteBarrier<NativeErrorConstructor> m_evalErrorConstructor;
     WriteBarrier<NativeErrorConstructor> m_rangeErrorConstructor;
-    LazyProperty<JSGlobalObject, NativeErrorConstructor> m_referenceErrorConstructor;
-    LazyProperty<JSGlobalObject, NativeErrorConstructor> m_syntaxErrorConstructor;
+    WriteBarrier<NativeErrorConstructor> m_referenceErrorConstructor;
+    WriteBarrier<NativeErrorConstructor> m_syntaxErrorConstructor;
     WriteBarrier<NativeErrorConstructor> m_typeErrorConstructor;
-    LazyProperty<JSGlobalObject, NativeErrorConstructor> m_URIErrorConstructor;
+    WriteBarrier<NativeErrorConstructor> m_URIErrorConstructor;
     WriteBarrier<ObjectConstructor> m_objectConstructor;
     WriteBarrier<JSPromiseConstructor> m_promiseConstructor;
     WriteBarrier<JSInternalPromiseConstructor> m_internalPromiseConstructor;
@@ -242,16 +225,16 @@ public:
     WriteBarrier<JSFunction> m_callFunction;
     WriteBarrier<JSFunction> m_applyFunction;
     WriteBarrier<JSFunction> m_definePropertyFunction;
-    LazyProperty<JSGlobalObject, JSFunction> m_arrayProtoValuesFunction;
-    LazyProperty<JSGlobalObject, JSFunction> m_initializePromiseFunction;
+    WriteBarrier<JSFunction> m_arrayProtoValuesFunction;
+    WriteBarrier<JSFunction> m_initializePromiseFunction;
     WriteBarrier<JSFunction> m_newPromiseCapabilityFunction;
     WriteBarrier<JSFunction> m_functionProtoHasInstanceSymbolFunction;
-    LazyProperty<JSGlobalObject, GetterSetter> m_throwTypeErrorGetterSetter;
     WriteBarrier<JSObject> m_regExpProtoExec;
     WriteBarrier<JSObject> m_regExpProtoSymbolReplace;
     WriteBarrier<JSObject> m_regExpProtoGlobalGetter;
     WriteBarrier<JSObject> m_regExpProtoUnicodeGetter;
-    LazyProperty<JSGlobalObject, GetterSetter> m_throwTypeErrorArgumentsAndCallerGetterSetter;
+    WriteBarrier<GetterSetter> m_throwTypeErrorGetterSetter;
+    WriteBarrier<GetterSetter> m_throwTypeErrorArgumentsAndCallerGetterSetter;
 
     WriteBarrier<ModuleLoaderObject> m_moduleLoader;
 
@@ -263,11 +246,11 @@ public:
     WriteBarrier<GeneratorFunctionPrototype> m_generatorFunctionPrototype;
     WriteBarrier<GeneratorPrototype> m_generatorPrototype;
 
-    LazyProperty<JSGlobalObject, Structure> m_debuggerScopeStructure;
-    LazyProperty<JSGlobalObject, Structure> m_withScopeStructure;
+    WriteBarrier<Structure> m_debuggerScopeStructure;
+    WriteBarrier<Structure> m_withScopeStructure;
     WriteBarrier<Structure> m_strictEvalActivationStructure;
     WriteBarrier<Structure> m_lexicalEnvironmentStructure;
-    LazyProperty<JSGlobalObject, Structure> m_moduleEnvironmentStructure;
+    WriteBarrier<Structure> m_moduleEnvironmentStructure;
     WriteBarrier<Structure> m_directArgumentsStructure;
     WriteBarrier<Structure> m_scopedArgumentsStructure;
     WriteBarrier<Structure> m_clonedArgumentsStructure;
@@ -278,27 +261,28 @@ public:
     // These structures will differ from the originals list above when we are having a bad time.
     WriteBarrier<Structure> m_arrayStructureForIndexingShapeDuringAllocation[NumberOfIndexingShapes];
 
-    LazyProperty<JSGlobalObject, Structure> m_callbackConstructorStructure;
-    LazyProperty<JSGlobalObject, Structure> m_callbackFunctionStructure;
-    LazyProperty<JSGlobalObject, Structure> m_callbackObjectStructure;
+    WriteBarrier<Structure> m_callbackConstructorStructure;
+    WriteBarrier<Structure> m_callbackFunctionStructure;
+    WriteBarrier<Structure> m_callbackObjectStructure;
     WriteBarrier<Structure> m_propertyNameIteratorStructure;
 #if JSC_OBJC_API_ENABLED
-    LazyProperty<JSGlobalObject, Structure> m_objcCallbackFunctionStructure;
-    LazyProperty<JSGlobalObject, Structure> m_objcWrapperObjectStructure;
+    WriteBarrier<Structure> m_objcCallbackFunctionStructure;
+    WriteBarrier<Structure> m_objcWrapperObjectStructure;
 #endif
-    LazyProperty<JSGlobalObject, Structure> m_nullPrototypeObjectStructure;
+    WriteBarrier<Structure> m_nullPrototypeObjectStructure;
     WriteBarrier<Structure> m_calleeStructure;
     WriteBarrier<Structure> m_functionStructure;
-    LazyProperty<JSGlobalObject, Structure> m_boundFunctionStructure;
-    LazyProperty<JSGlobalObject, Structure> m_boundSlotBaseFunctionStructure;
+    WriteBarrier<Structure> m_boundFunctionStructure;
+    WriteBarrier<Structure> m_boundSlotBaseFunctionStructure;
     WriteBarrier<Structure> m_getterSetterStructure;
-    LazyProperty<JSGlobalObject, Structure> m_nativeStdFunctionStructure;
-    LazyProperty<JSGlobalObject, Structure> m_namedFunctionStructure;
+    WriteBarrier<Structure> m_nativeStdFunctionStructure;
+    WriteBarrier<Structure> m_namedFunctionStructure;
     PropertyOffset m_functionNameOffset;
     WriteBarrier<Structure> m_privateNameStructure;
     WriteBarrier<Structure> m_regExpStructure;
     WriteBarrier<Structure> m_generatorFunctionStructure;
     WriteBarrier<Structure> m_dollarVMStructure;
+    WriteBarrier<Structure> m_internalFunctionStructure;
     WriteBarrier<Structure> m_iteratorResultObjectStructure;
     WriteBarrier<Structure> m_regExpMatchesArrayStructure;
     WriteBarrier<Structure> m_regExpMatchesArraySlowPutStructure;
@@ -316,27 +300,17 @@ public:
     WriteBarrier<Structure> m_ ## properName ## Structure;
 
     FOR_EACH_SIMPLE_BUILTIN_TYPE(DEFINE_STORAGE_FOR_SIMPLE_TYPE)
+    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_STORAGE_FOR_SIMPLE_TYPE)
 
 #undef DEFINE_STORAGE_FOR_SIMPLE_TYPE
 
-#define DEFINE_STORAGE_FOR_ITERATOR_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
-    LazyProperty<JSGlobalObject, Structure> m_ ## properName ## Structure;
-    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_STORAGE_FOR_ITERATOR_TYPE)
-#undef DEFINE_STORAGE_FOR_ITERATOR_TYPE
-    
-#define DEFINE_STORAGE_FOR_LAZY_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
-    LazyClassStructure m_ ## properName ## Structure;
-    FOR_EACH_LAZY_BUILTIN_TYPE(DEFINE_STORAGE_FOR_LAZY_TYPE)
-#undef DEFINE_STORAGE_FOR_LAZY_TYPE
-
-    WriteBarrier<GetterSetter> m_speciesGetterSetter;
-    
-    LazyProperty<JSGlobalObject, JSTypedArrayViewPrototype> m_typedArrayProto;
-    LazyProperty<JSGlobalObject, JSTypedArrayViewConstructor> m_typedArraySuperConstructor;
+    struct TypedArrayData {
+        WriteBarrier<JSObject> prototype;
+        WriteBarrier<InternalFunction> constructor;
+        WriteBarrier<Structure> structure;
+    };
     
-#define DECLARE_TYPED_ARRAY_TYPE_STRUCTURE(name) LazyClassStructure m_typedArray ## name;
-    FOR_EACH_TYPED_ARRAY_TYPE(DECLARE_TYPED_ARRAY_TYPE_STRUCTURE)
-#undef DECLARE_TYPED_ARRAY_TYPE_STRUCTURE
+    std::array<TypedArrayData, NUMBER_OF_TYPED_ARRAY_TYPES> m_typedArrays;
 
     JSCell* m_specialPointers[Special::TableSize]; // Special pointers used by the LLInt and JIT.
     JSCell* m_linkTimeConstants[LinkTimeConstantCount];
@@ -463,12 +437,12 @@ public:
     ObjectConstructor* objectConstructor() const { return m_objectConstructor.get(); }
     JSPromiseConstructor* promiseConstructor() const { return m_promiseConstructor.get(); }
     JSInternalPromiseConstructor* internalPromiseConstructor() const { return m_internalPromiseConstructor.get(); }
-    NativeErrorConstructor* evalErrorConstructor() const { return m_evalErrorConstructor.get(this); }
+    NativeErrorConstructor* evalErrorConstructor() const { return m_evalErrorConstructor.get(); }
     NativeErrorConstructor* rangeErrorConstructor() const { return m_rangeErrorConstructor.get(); }
-    NativeErrorConstructor* referenceErrorConstructor() const { return m_referenceErrorConstructor.get(this); }
-    NativeErrorConstructor* syntaxErrorConstructor() const { return m_syntaxErrorConstructor.get(this); }
+    NativeErrorConstructor* referenceErrorConstructor() const { return m_referenceErrorConstructor.get(); }
+    NativeErrorConstructor* syntaxErrorConstructor() const { return m_syntaxErrorConstructor.get(); }
     NativeErrorConstructor* typeErrorConstructor() const { return m_typeErrorConstructor.get(); }
-    NativeErrorConstructor* URIErrorConstructor() const { return m_URIErrorConstructor.get(this); }
+    NativeErrorConstructor* URIErrorConstructor() const { return m_URIErrorConstructor.get(); }
 
     NullGetterFunction* nullGetterFunction() const { return m_nullGetterFunction.get(); }
     NullSetterFunction* nullSetterFunction() const { return m_nullSetterFunction.get(); }
@@ -479,22 +453,26 @@ public:
     JSFunction* callFunction() const { return m_callFunction.get(); }
     JSFunction* applyFunction() const { return m_applyFunction.get(); }
     JSFunction* definePropertyFunction() const { return m_definePropertyFunction.get(); }
-    JSFunction* arrayProtoValuesFunction() const { return m_arrayProtoValuesFunction.get(this); }
-    JSFunction* initializePromiseFunction() const { return m_initializePromiseFunction.get(this); }
+    JSFunction* arrayProtoValuesFunction() const { return m_arrayProtoValuesFunction.get(); }
+    JSFunction* initializePromiseFunction() const { return m_initializePromiseFunction.get(); }
     JSFunction* newPromiseCapabilityFunction() const { return m_newPromiseCapabilityFunction.get(); }
     JSFunction* functionProtoHasInstanceSymbolFunction() const { return m_functionProtoHasInstanceSymbolFunction.get(); }
     JSObject* regExpProtoExecFunction() const { return m_regExpProtoExec.get(); }
     JSObject* regExpProtoSymbolReplaceFunction() const { return m_regExpProtoSymbolReplace.get(); }
     JSObject* regExpProtoGlobalGetter() const { return m_regExpProtoGlobalGetter.get(); }
     JSObject* regExpProtoUnicodeGetter() const { return m_regExpProtoUnicodeGetter.get(); }
-    GetterSetter* throwTypeErrorGetterSetter()
+    GetterSetter* throwTypeErrorGetterSetter(VM& vm)
     {
-        return m_throwTypeErrorGetterSetter.get(this);
+        if (!m_throwTypeErrorGetterSetter)
+            createThrowTypeError(vm);
+        return m_throwTypeErrorGetterSetter.get();
     }
 
-    GetterSetter* throwTypeErrorArgumentsAndCallerGetterSetter()
+    GetterSetter* throwTypeErrorArgumentsAndCallerGetterSetter(VM& vm)
     {
-        return m_throwTypeErrorArgumentsAndCallerGetterSetter.get(this);
+        if (!m_throwTypeErrorArgumentsAndCallerGetterSetter)
+            createThrowTypeErrorArgumentsAndCaller(vm);
+        return m_throwTypeErrorArgumentsAndCallerGetterSetter.get();
     }
     
     ModuleLoaderObject* moduleLoader() const { return m_moduleLoader.get(); }
@@ -502,22 +480,22 @@ public:
     ObjectPrototype* objectPrototype() const { return m_objectPrototype.get(); }
     FunctionPrototype* functionPrototype() const { return m_functionPrototype.get(); }
     ArrayPrototype* arrayPrototype() const { return m_arrayPrototype.get(); }
-    JSObject* booleanPrototype() const { return m_booleanObjectStructure.prototype(this); }
+    BooleanPrototype* booleanPrototype() const { return m_booleanPrototype.get(); }
     StringPrototype* stringPrototype() const { return m_stringPrototype.get(); }
     SymbolPrototype* symbolPrototype() const { return m_symbolPrototype.get(); }
-    JSObject* numberPrototype() const { return m_numberPrototype.get(); }
-    JSObject* datePrototype() const { return m_dateStructure.prototype(this); }
+    NumberPrototype* numberPrototype() const { return m_numberPrototype.get(); }
+    DatePrototype* datePrototype() const { return m_datePrototype.get(); }
     RegExpPrototype* regExpPrototype() const { return m_regExpPrototype.get(); }
     ErrorPrototype* errorPrototype() const { return m_errorPrototype.get(); }
     IteratorPrototype* iteratorPrototype() const { return m_iteratorPrototype.get(); }
     GeneratorFunctionPrototype* generatorFunctionPrototype() const { return m_generatorFunctionPrototype.get(); }
     GeneratorPrototype* generatorPrototype() const { return m_generatorPrototype.get(); }
 
-    Structure* debuggerScopeStructure() const { return m_debuggerScopeStructure.get(this); }
-    Structure* withScopeStructure() const { return m_withScopeStructure.get(this); }
+    Structure* debuggerScopeStructure() const { return m_debuggerScopeStructure.get(); }
+    Structure* withScopeStructure() const { return m_withScopeStructure.get(); }
     Structure* strictEvalActivationStructure() const { return m_strictEvalActivationStructure.get(); }
     Structure* activationStructure() const { return m_lexicalEnvironmentStructure.get(); }
-    Structure* moduleEnvironmentStructure() const { return m_moduleEnvironmentStructure.get(this); }
+    Structure* moduleEnvironmentStructure() const { return m_moduleEnvironmentStructure.get(); }
     Structure* directArgumentsStructure() const { return m_directArgumentsStructure.get(); }
     Structure* scopedArgumentsStructure() const { return m_scopedArgumentsStructure.get(); }
     Structure* clonedArgumentsStructure() const { return m_clonedArgumentsStructure.get(); }
@@ -545,32 +523,33 @@ public:
         return originalArrayStructureForIndexingType(structure->indexingType() | IsArray) == structure;
     }
         
-    Structure* booleanObjectStructure() const { return m_booleanObjectStructure.get(this); }
-    Structure* callbackConstructorStructure() const { return m_callbackConstructorStructure.get(this); }
-    Structure* callbackFunctionStructure() const { return m_callbackFunctionStructure.get(this); }
-    Structure* callbackObjectStructure() const { return m_callbackObjectStructure.get(this); }
+    Structure* booleanObjectStructure() const { return m_booleanObjectStructure.get(); }
+    Structure* callbackConstructorStructure() const { return m_callbackConstructorStructure.get(); }
+    Structure* callbackFunctionStructure() const { return m_callbackFunctionStructure.get(); }
+    Structure* callbackObjectStructure() const { return m_callbackObjectStructure.get(); }
     Structure* propertyNameIteratorStructure() const { return m_propertyNameIteratorStructure.get(); }
 #if JSC_OBJC_API_ENABLED
-    Structure* objcCallbackFunctionStructure() const { return m_objcCallbackFunctionStructure.get(this); }
-    Structure* objcWrapperObjectStructure() const { return m_objcWrapperObjectStructure.get(this); }
+    Structure* objcCallbackFunctionStructure() const { return m_objcCallbackFunctionStructure.get(); }
+    Structure* objcWrapperObjectStructure() const { return m_objcWrapperObjectStructure.get(); }
 #endif
-    Structure* dateStructure() const { return m_dateStructure.get(this); }
-    Structure* nullPrototypeObjectStructure() const { return m_nullPrototypeObjectStructure.get(this); }
+    Structure* dateStructure() const { return m_dateStructure.get(); }
+    Structure* nullPrototypeObjectStructure() const { return m_nullPrototypeObjectStructure.get(); }
     Structure* errorStructure() const { return m_errorStructure.get(); }
     Structure* calleeStructure() const { return m_calleeStructure.get(); }
     Structure* functionStructure() const { return m_functionStructure.get(); }
-    Structure* boundFunctionStructure() const { return m_boundFunctionStructure.get(this); }
-    Structure* boundSlotBaseFunctionStructure() const { return m_boundSlotBaseFunctionStructure.get(this); }
+    Structure* boundFunctionStructure() const { return m_boundFunctionStructure.get(); }
+    Structure* boundSlotBaseFunctionStructure() const { return m_boundSlotBaseFunctionStructure.get(); }
     Structure* getterSetterStructure() const { return m_getterSetterStructure.get(); }
-    Structure* nativeStdFunctionStructure() const { return m_nativeStdFunctionStructure.get(this); }
-    Structure* namedFunctionStructure() const { return m_namedFunctionStructure.get(this); }
+    Structure* nativeStdFunctionStructure() const { return m_nativeStdFunctionStructure.get(); }
+    Structure* namedFunctionStructure() const { return m_namedFunctionStructure.get(); }
     PropertyOffset functionNameOffset() const { return m_functionNameOffset; }
     Structure* numberObjectStructure() const { return m_numberObjectStructure.get(); }
     Structure* privateNameStructure() const { return m_privateNameStructure.get(); }
+    Structure* internalFunctionStructure() const { return m_internalFunctionStructure.get(); }
     Structure* mapStructure() const { return m_mapStructure.get(); }
     Structure* regExpStructure() const { return m_regExpStructure.get(); }
     Structure* generatorFunctionStructure() const { return m_generatorFunctionStructure.get(); }
-    Structure* setStructure() const { return m_setStructure.get(this); }
+    Structure* setStructure() const { return m_setStructure.get(); }
     Structure* stringObjectStructure() const { return m_stringObjectStructure.get(); }
     Structure* symbolObjectStructure() const { return m_symbolObjectStructure.get(); }
     Structure* iteratorResultObjectStructure() const { return m_iteratorResultObjectStructure.get(); }
@@ -615,60 +594,25 @@ public:
     Structure* properName ## Structure() { return m_ ## properName ## Structure.get(); }
 
     FOR_EACH_SIMPLE_BUILTIN_TYPE(DEFINE_ACCESSORS_FOR_SIMPLE_TYPE)
+    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_ACCESSORS_FOR_SIMPLE_TYPE)
 
 #undef DEFINE_ACCESSORS_FOR_SIMPLE_TYPE
 
-#define DEFINE_ACCESSORS_FOR_ITERATOR_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
-    Structure* properName ## Structure() { return m_ ## properName ## Structure.get(this); }
-
-    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_ACCESSORS_FOR_ITERATOR_TYPE)
-
-#undef DEFINE_ACCESSORS_FOR_ITERATOR_TYPE
-
-#define DEFINE_ACCESSORS_FOR_LAZY_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
-    Structure* properName ## Structure() { return m_ ## properName ## Structure.get(this); }
-
-    FOR_EACH_LAZY_BUILTIN_TYPE(DEFINE_ACCESSORS_FOR_LAZY_TYPE)
-
-#undef DEFINE_ACCESSORS_FOR_LAZY_TYPE
-
-    LazyClassStructure& lazyTypedArrayStructure(TypedArrayType type)
-    {
-        switch (type) {
-        case NotTypedArray:
-            RELEASE_ASSERT_NOT_REACHED();
-            return m_typedArrayInt8;
-#define TYPED_ARRAY_TYPE_CASE(name) case Type ## name: return m_typedArray ## name;
-            FOR_EACH_TYPED_ARRAY_TYPE(TYPED_ARRAY_TYPE_CASE)
-#undef TYPED_ARRAY_TYPE_CASE
-        }
-        RELEASE_ASSERT_NOT_REACHED();
-        return m_typedArrayInt8;
-    }
-    const LazyClassStructure& lazyTypedArrayStructure(TypedArrayType type) const
-    {
-        return const_cast<const LazyClassStructure&>(const_cast<JSGlobalObject*>(this)->lazyTypedArrayStructure(type));
-    }
-    
     Structure* typedArrayStructure(TypedArrayType type) const
     {
-        return lazyTypedArrayStructure(type).get(this);
-    }
-    Structure* typedArrayStructureConcurrently(TypedArrayType type) const
-    {
-        return lazyTypedArrayStructure(type).getConcurrently();
+        return m_typedArrays[toIndex(type)].structure.get();
     }
     bool isOriginalTypedArrayStructure(Structure* structure)
     {
         TypedArrayType type = structure->classInfo()->typedArrayStorageType;
         if (type == NotTypedArray)
             return false;
-        return typedArrayStructureConcurrently(type) == structure;
+        return typedArrayStructure(type) == structure;
     }
 
     JSObject* typedArrayConstructor(TypedArrayType type) const
     {
-        return lazyTypedArrayStructure(type).constructor(this);
+        return m_typedArrays[toIndex(type)].constructor.get();
     }
 
     JSCell* actualPointerFor(Special::Pointer pointer)
@@ -795,6 +739,9 @@ private:
 
     JS_EXPORT_PRIVATE void init(VM&);
 
+    void createThrowTypeError(VM&);
+    void createThrowTypeErrorArgumentsAndCaller(VM&);
+
     JS_EXPORT_PRIVATE static void clearRareData(JSCell*);
 };
 
index 6ffb095..f11a865 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -68,8 +68,7 @@ JSNativeStdFunction* JSNativeStdFunction::create(VM& vm, JSGlobalObject* globalO
 {
     NativeExecutable* executable = lookUpOrCreateNativeExecutable(vm, runStdFunction, intrinsic, nativeConstructor, name);
     NativeStdFunctionCell* functionCell = NativeStdFunctionCell::create(vm, WTFMove(nativeStdFunction));
-    Structure* structure = globalObject->nativeStdFunctionStructure();
-    JSNativeStdFunction* function = new (NotNull, allocateCell<JSNativeStdFunction>(vm.heap)) JSNativeStdFunction(vm, globalObject, structure);
+    JSNativeStdFunction* function = new (NotNull, allocateCell<JSNativeStdFunction>(vm.heap)) JSNativeStdFunction(vm, globalObject, globalObject->nativeStdFunctionStructure());
     function->finishCreation(vm, executable, length, name, functionCell);
     return function;
 }
index 08b6c68..1ffe8d1 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012, 2016 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2012 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -32,15 +32,6 @@ namespace JSC {
 
 const ClassInfo JSWithScope::s_info = { "WithScope", &Base::s_info, 0, CREATE_METHOD_TABLE(JSWithScope) };
 
-JSWithScope* JSWithScope::create(
-    VM& vm, JSGlobalObject* globalObject, JSObject* object, JSScope* next)
-{
-    Structure* structure = globalObject->withScopeStructure();
-    JSWithScope* withScope = new (NotNull, allocateCell<JSWithScope>(vm.heap)) JSWithScope(vm, structure, object, next);
-    withScope->finishCreation(vm);
-    return withScope;
-}
-
 void JSWithScope::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     JSWithScope* thisObject = jsCast<JSWithScope*>(cell);
@@ -49,15 +40,4 @@ void JSWithScope::visitChildren(JSCell* cell, SlotVisitor& visitor)
     visitor.append(&thisObject->m_object);
 }
 
-Structure* JSWithScope::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto)
-{
-    return Structure::create(vm, globalObject, proto, TypeInfo(WithScopeType, StructureFlags), info());
-}
-
-JSWithScope::JSWithScope(VM& vm, Structure* structure, JSObject* object, JSScope* next)
-    : Base(vm, structure, next)
-    , m_object(vm, this, object)
-{
-}
-
 } // namespace JSC
index 1f297e3..8e5d09f 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012, 2016 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2012 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -34,18 +34,34 @@ class JSWithScope : public JSScope {
 public:
     typedef JSScope Base;
 
-    JS_EXPORT_PRIVATE static JSWithScope* create(VM&, JSGlobalObject*, JSObject*, JSScope* next);
+    static JSWithScope* create(ExecState* exec, JSObject* object, JSScope* next)
+    {
+        JSWithScope* withScope = new (NotNull, allocateCell<JSWithScope>(*exec->heap())) JSWithScope(exec, object, next);
+        withScope->finishCreation(exec->vm());
+        return withScope;
+    }
 
     JSObject* object() { return m_object.get(); }
 
     static void visitChildren(JSCell*, SlotVisitor&);
 
-    static Structure* createStructure(VM&, JSGlobalObject*, JSValue proto);
+    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto)
+    {
+        return Structure::create(vm, globalObject, proto, TypeInfo(WithScopeType, StructureFlags), info());
+    }
 
     DECLARE_EXPORT_INFO;
 
 private:
-    JSWithScope(VM&, Structure*, JSObject*, JSScope* next);
+    JSWithScope(ExecState* exec, JSObject* object, JSScope* next)
+        : Base(
+            exec->vm(),
+            exec->lexicalGlobalObject()->withScopeStructure(),
+            next
+        )
+        , m_object(exec->vm(), this, object)
+    {
+    }
 
     WriteBarrier<JSObject> m_object;
 };
diff --git a/Source/JavaScriptCore/runtime/LazyClassStructure.cpp b/Source/JavaScriptCore/runtime/LazyClassStructure.cpp
deleted file mode 100644 (file)
index dbaf833..0000000
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "LazyClassStructure.h"
-
-#include "JSCInlines.h"
-#include "LazyPropertyInlines.h"
-
-namespace JSC {
-
-LazyClassStructure::Initializer::Initializer(VM& vm, JSGlobalObject* global, LazyClassStructure& classStructure, const StructureInitializer& structureInit)
-    : vm(vm)
-    , global(global)
-    , classStructure(classStructure)
-    , structureInit(structureInit)
-{
-}
-
-void LazyClassStructure::Initializer::setPrototype(JSObject* prototype)
-{
-    RELEASE_ASSERT(!this->prototype);
-    RELEASE_ASSERT(!structure);
-    RELEASE_ASSERT(!constructor);
-    
-    this->prototype = prototype;
-}
-
-void LazyClassStructure::Initializer::setStructure(Structure* structure)
-{
-    RELEASE_ASSERT(!this->structure);
-    RELEASE_ASSERT(!constructor);
-
-    this->structure = structure;
-    structureInit.set(structure);
-    
-    if (!prototype)
-        prototype = structure->storedPrototypeObject();
-}
-
-void LazyClassStructure::Initializer::setConstructor(PropertyName propertyName, JSObject* constructor)
-{
-    RELEASE_ASSERT(structure);
-    RELEASE_ASSERT(prototype);
-    RELEASE_ASSERT(!this->constructor);
-    
-    this->constructor = constructor;
-
-    prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, constructor, DontEnum);
-    if (!propertyName.isNull())
-        global->putDirect(vm, propertyName, constructor, DontEnum);
-    classStructure.m_constructor.set(vm, global, constructor);
-}
-
-void LazyClassStructure::Initializer::setConstructor(JSObject* constructor)
-{
-    String name;
-    if (InternalFunction* internalFunction = jsDynamicCast<InternalFunction*>(constructor))
-        name = internalFunction->name();
-    else if (JSFunction* function = jsDynamicCast<JSFunction*>(constructor))
-        name = function->name();
-    else
-        RELEASE_ASSERT_NOT_REACHED();
-    
-    setConstructor(Identifier::fromString(&vm, name), constructor);
-}
-
-void LazyClassStructure::visit(SlotVisitor& visitor)
-{
-    m_structure.visit(visitor);
-    visitor.append(&m_constructor);
-}
-
-void LazyClassStructure::dump(PrintStream& out) const
-{
-    out.print("<structure = ", m_structure, ", constructor = ", RawPointer(m_constructor.get()), ">");
-}
-
-} // namespace JSC
-
diff --git a/Source/JavaScriptCore/runtime/LazyClassStructure.h b/Source/JavaScriptCore/runtime/LazyClassStructure.h
deleted file mode 100644 (file)
index a5e6188..0000000
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef LazyClassStructure_h
-#define LazyClassStructure_h
-
-#include "LazyProperty.h"
-#include "Structure.h"
-
-namespace JSC {
-
-class JSGlobalObject;
-class VM;
-
-class LazyClassStructure {
-    typedef LazyProperty<JSGlobalObject, Structure>::Initializer StructureInitializer;
-    
-public:
-    struct Initializer {
-        Initializer(VM&, JSGlobalObject*, LazyClassStructure&, const StructureInitializer&);
-        
-        // This should be called first or not at all.
-        void setPrototype(JSObject* prototype);
-        
-        // If this is called after setPrototype() then it just sets the structure. If this is
-        // called first then it sets the prototype by extracting it from the structure.
-        void setStructure(Structure*);
-        
-        // Call this last. It's expected that the constructor is initialized to point to the
-        // prototype already. This will automatically set prototype.constructor=constructor.
-        // This will also stuff the constructor into the global object at the given property.
-        // Note that the variant that does not take a property name attempts to deduce it by
-        // casting constructor to either JSFunction or InternalFunction. Also, you can pass
-        // nullptr for the property name, in which case we don't assign the property to the
-        // global object.
-        void setConstructor(PropertyName, JSObject* constructor);
-        void setConstructor(JSObject* constructor);
-        
-        VM& vm;
-        JSGlobalObject* global;
-        LazyClassStructure& classStructure;
-        const StructureInitializer& structureInit;
-        
-        // It's expected that you set these using the set methods above.
-        JSObject* prototype { nullptr };
-        Structure* structure { nullptr };
-        JSObject* constructor { nullptr };
-    };
-    
-    LazyClassStructure()
-    {
-    }
-    
-    template<typename Callback>
-    void initLater(const Callback&);
-    
-    Structure* get(const JSGlobalObject* global) const
-    {
-        ASSERT(!isCompilationThread());
-        return m_structure.get(global);
-    }
-    
-    JSObject* prototype(const JSGlobalObject* global) const
-    {
-        ASSERT(!isCompilationThread());
-        return get(global)->storedPrototypeObject();
-    }
-
-    // Almost as an afterthought, we also support getting the original constructor. This turns
-    // out to be important for ES6 support.
-    JSObject* constructor(const JSGlobalObject* global) const
-    {
-        ASSERT(!isCompilationThread());
-        m_structure.get(global);
-        return m_constructor.get();
-    }
-    
-    Structure* getConcurrently() const
-    {
-        return m_structure.getConcurrently();
-    }
-    
-    JSObject* prototypeConcurrently() const
-    {
-        if (Structure* structure = getConcurrently())
-            return structure->storedPrototypeObject();
-        return nullptr;
-    }
-    
-    JSObject* constructorConcurrently() const
-    {
-        return m_constructor.get();
-    }
-    
-    void visit(SlotVisitor&);
-    
-    void dump(PrintStream&) const;
-
-private:
-    LazyProperty<JSGlobalObject, Structure> m_structure;
-    WriteBarrier<JSObject> m_constructor;
-};
-
-} // namespace JSC
-
-#endif // LazyClassStructure_h
-
diff --git a/Source/JavaScriptCore/runtime/LazyClassStructureInlines.h b/Source/JavaScriptCore/runtime/LazyClassStructureInlines.h
deleted file mode 100644 (file)
index f4056d8..0000000
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef LazyClassStructureInlines_h
-#define LazyClassStructureInlines_h
-
-#include "LazyClassStructure.h"
-#include "LazyPropertyInlines.h"
-
-namespace JSC {
-
-template<typename Callback>
-void LazyClassStructure::initLater(const Callback&)
-{
-    m_structure.initLater(
-        [] (const StructureInitializer& structureInit) {
-            ptrdiff_t offset = OBJECT_OFFSETOF(LazyClassStructure, m_structure);
-            LazyClassStructure* thisStructure = bitwise_cast<LazyClassStructure*>(
-                bitwise_cast<char*>(&structureInit.property) - offset);
-            Initializer init(structureInit.vm, structureInit.owner, *thisStructure, structureInit);
-            callStatelessLambda<void, Callback>(init);
-        });
-}
-
-} // namespace JSC
-
-#endif // LazyClassStructureInlines_h
-
diff --git a/Source/JavaScriptCore/runtime/LazyProperty.h b/Source/JavaScriptCore/runtime/LazyProperty.h
deleted file mode 100644 (file)
index 1eca4e8..0000000
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef LazyProperty_h
-#define LazyProperty_h
-
-#include "VM.h"
-
-namespace JSC {
-
-class JSCell;
-class SlotVisitor;
-class VM;
-
-// Note that if all you're doing is calling LazyProperty::get(), it's completely safe to bitcast
-// this LazyProperty<JSCell, JSCell>.
-template<typename OwnerType, typename ElementType>
-class LazyProperty {
-public:
-    struct Initializer {
-        Initializer(OwnerType* owner, LazyProperty& property)
-            : vm(*Heap::heap(owner)->vm())
-            , owner(owner)
-            , property(property)
-        {
-        }
-        
-        void set(ElementType* value) const;
-
-        VM& vm;
-        OwnerType* owner;
-        LazyProperty& property;
-    };
-    
-    LazyProperty()
-    {
-    }
-
-    // Tell the property to run the given callback next time someone tries to get the value
-    // using get(). The passed callback must be stateless. For example:
-    //
-    //     property.initLater(
-    //         [] (const LazyProperty<Foo, Bar>::Initializer& init) {
-    //             init.set(...things...);
-    //         });
-    //
-    // This method is always inlineable and should always compile to a store of a constant
-    // pointer no matter how complicated the callback is.
-    template<typename Func>
-    void initLater(const Func&);
-
-    // This lazily initializes the property. Note that this gracefully supports recursive calls.
-    // If this gets called while the property is being initialized, it will simply return null.
-    ElementType* get(const OwnerType* owner) const
-    {
-        ASSERT(!isCompilationThread());
-        if (UNLIKELY(m_pointer & lazyTag)) {
-            auto callFunc = bitwise_cast<ElementType* (*)(const Initializer&)>(m_pointer & ~lazyTag);
-            return callFunc(Initializer(const_cast<OwnerType*>(owner), *const_cast<LazyProperty*>(this)));
-        }
-        return bitwise_cast<ElementType*>(m_pointer);
-    }
-    
-    ElementType* getConcurrently() const
-    {
-        uintptr_t pointer = m_pointer;
-        if (pointer & lazyTag)
-            return nullptr;
-        return bitwise_cast<ElementType*>(pointer);
-    }
-    
-    void setMayBeNull(VM&, const OwnerType* owner, ElementType*);
-    void set(VM&, const OwnerType* owner, ElementType*);
-    
-    void visit(SlotVisitor&);
-    
-    void dump(PrintStream&) const;
-    
-private:
-    template<typename Func>
-    static ElementType* callFunc(const Initializer&);
-    
-    static const uintptr_t lazyTag = 1;
-    static const uintptr_t initializingTag = 2;
-    
-    uintptr_t m_pointer { 0 };
-};
-
-// It's valid to bitcast any LazyProperty to LazyCellProperty if you're just going to call get()
-// or getConcurrently().
-typedef LazyProperty<JSCell, JSCell> LazyCellProperty;
-
-} // namespace JSC
-
-#endif // LazyProperty_h
-
diff --git a/Source/JavaScriptCore/runtime/LazyPropertyInlines.h b/Source/JavaScriptCore/runtime/LazyPropertyInlines.h
deleted file mode 100644 (file)
index aecbd09..0000000
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef LazyPropertyInlines_h
-#define LazyPropertyInlines_h
-
-#include "Heap.h"
-#include <wtf/StdLibExtras.h>
-
-namespace JSC {
-
-template<typename OwnerType, typename ElementType>
-void LazyProperty<OwnerType, ElementType>::Initializer::set(ElementType* value) const
-{
-    property.set(vm, owner, value);
-}
-
-template<typename OwnerType, typename ElementType>
-template<typename Func>
-void LazyProperty<OwnerType, ElementType>::initLater(const Func&)
-{
-    RELEASE_ASSERT(isStatelessLambda<Func>());
-    m_pointer = lazyTag | bitwise_cast<uintptr_t>(reinterpret_cast<void*>(callFunc<Func>));
-}
-
-template<typename OwnerType, typename ElementType>
-void LazyProperty<OwnerType, ElementType>::setMayBeNull(VM& vm, const OwnerType* owner, ElementType* value)
-{
-    vm.heap.writeBarrier(owner, value);
-    m_pointer = bitwise_cast<uintptr_t>(value);
-    RELEASE_ASSERT(!(m_pointer & lazyTag));
-}
-
-template<typename OwnerType, typename ElementType>
-void LazyProperty<OwnerType, ElementType>::set(VM& vm, const OwnerType* owner, ElementType* value)
-{
-    RELEASE_ASSERT(value);
-    setMayBeNull(vm, owner, value);
-}
-
-template<typename OwnerType, typename ElementType>
-void LazyProperty<OwnerType, ElementType>::visit(SlotVisitor& visitor)
-{
-    if (m_pointer && !(m_pointer & lazyTag))
-        visitor.appendUnbarrieredReadOnlyPointer(bitwise_cast<ElementType*>(m_pointer));
-}
-
-template<typename OwnerType, typename ElementType>
-void LazyProperty<OwnerType, ElementType>::dump(PrintStream& out) const
-{
-    if (!m_pointer) {
-        out.print("<null>");
-        return;
-    }
-    if (m_pointer & lazyTag) {
-        out.print("Lazy:", RawPointer(bitwise_cast<void*>(m_pointer & ~lazyTag)));
-        if (m_pointer & initializingTag)
-            out.print("(Initializing)");
-        return;
-    }
-    out.print(RawPointer(bitwise_cast<void*>(m_pointer)));
-}
-
-template<typename OwnerType, typename ElementType>
-template<typename Func>
-ElementType* LazyProperty<OwnerType, ElementType>::callFunc(const Initializer& initializer)
-{
-    if (initializer.property.m_pointer & initializingTag)
-        return nullptr;
-    initializer.property.m_pointer |= initializingTag;
-    callStatelessLambda<void, Func>(initializer);
-    RELEASE_ASSERT(!(initializer.property.m_pointer & lazyTag));
-    RELEASE_ASSERT(!(initializer.property.m_pointer & initializingTag));
-    return bitwise_cast<ElementType*>(initializer.property.m_pointer);
-}
-
-} // namespace JSC
-
-#endif // LazyPropertyInlines_h
-
index 2e41ca1..dcee6ba 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (C) 2008, 2012, 2015-2016 Apple Inc. All rights reserved.
+ *  Copyright (C) 2008, 2012, 2015 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -45,7 +45,7 @@ void reifyStaticAccessor(VM& vm, const HashTableValue& value, JSObject& thisObj,
 bool setUpStaticFunctionSlot(ExecState* exec, const HashTableValue* entry, JSObject* thisObj, PropertyName propertyName, PropertySlot& slot)
 {
     ASSERT(thisObj->globalObject());
-    ASSERT(entry->attributes() & BuiltinOrFunctionOrAccessorOrLazyProperty);
+    ASSERT(entry->attributes() & BuiltinOrFunctionOrAccessor);
     VM& vm = exec->vm();
     unsigned attributes;
     bool isAccessor = entry->attributes() & Accessor;
@@ -63,25 +63,13 @@ bool setUpStaticFunctionSlot(ExecState* exec, const HashTableValue* entry, JSObj
             thisObj->putDirectNativeFunction(
                 vm, thisObj->globalObject(), propertyName, entry->functionLength(),
                 entry->function(), entry->intrinsic(), attributesForStructure(entry->attributes()));
-        } else if (isAccessor)
+        } else {
+            ASSERT(isAccessor);
             reifyStaticAccessor(vm, *entry, *thisObj, propertyName);
-        else if (entry->attributes() & CellProperty) {
-            LazyCellProperty* property = bitwise_cast<LazyCellProperty*>(
-                bitwise_cast<char*>(thisObj) + entry->lazyCellPropertyOffset());
-            JSCell* result = property->get(thisObj);
-            thisObj->putDirect(vm, propertyName, result, attributesForStructure(entry->attributes()));
-        } else if (entry->attributes() & ClassStructure) {
-            LazyClassStructure* structure = bitwise_cast<LazyClassStructure*>(
-                bitwise_cast<char*>(thisObj) + entry->lazyClassStructureOffset());
-            structure->get(jsCast<JSGlobalObject*>(thisObj));
-        } else if (entry->attributes() & PropertyCallback) {
-            JSValue result = entry->lazyPropertyCallback()(vm, thisObj);
-            thisObj->putDirect(vm, propertyName, result, attributesForStructure(entry->attributes()));
-        } else
-            RELEASE_ASSERT_NOT_REACHED();
+        }
 
         offset = thisObj->getDirectOffset(vm, propertyName, attributes);
-        RELEASE_ASSERT(isValidOffset(offset));
+        ASSERT(isValidOffset(offset));
     }
 
     if (isAccessor)
index af78abe..8f0ac5a 100644 (file)
@@ -1,6 +1,6 @@
 /*
  *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
- *  Copyright (C) 2003, 2006, 2007, 2008, 2009, 2016 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -28,7 +28,6 @@
 #include "IdentifierInlines.h"
 #include "Intrinsic.h"
 #include "JSGlobalObject.h"
-#include "LazyProperty.h"
 #include "PropertySlot.h"
 #include "PutPropertySlot.h"
 #include "Reject.h"
@@ -46,7 +45,6 @@ struct CompactHashIndex {
 typedef PropertySlot::GetValueFunc GetFunction;
 typedef PutPropertySlot::PutValueFunc PutFunction;
 typedef FunctionExecutable* (*BuiltinGenerator)(VM&);
-typedef JSValue (*LazyPropertyCallback)(VM&, JSObject*);
 
 // Hash table generated by the create_hash_table script.
 struct HashTableValue {
@@ -76,8 +74,8 @@ struct HashTableValue {
     NativeFunction function() const { ASSERT(m_attributes & Function); return reinterpret_cast<NativeFunction>(m_values.value1); }
     unsigned char functionLength() const { ASSERT(m_attributes & Function); return static_cast<unsigned char>(m_values.value2); }
 
-    GetFunction propertyGetter() const { ASSERT(!(m_attributes & BuiltinOrFunctionOrAccessorOrLazyPropertyOrConstant)); return reinterpret_cast<GetFunction>(m_values.value1); }
-    PutFunction propertyPutter() const { ASSERT(!(m_attributes & BuiltinOrFunctionOrAccessorOrLazyPropertyOrConstant)); return reinterpret_cast<PutFunction>(m_values.value2); }
+    GetFunction propertyGetter() const { ASSERT(!(m_attributes & BuiltinOrFunctionOrAccessorOrConstant)); return reinterpret_cast<GetFunction>(m_values.value1); }
+    PutFunction propertyPutter() const { ASSERT(!(m_attributes & BuiltinOrFunctionOrAccessorOrConstant)); return reinterpret_cast<PutFunction>(m_values.value2); }
 
     NativeFunction accessorGetter() const { ASSERT(m_attributes & Accessor); return reinterpret_cast<NativeFunction>(m_values.value1); }
     NativeFunction accessorSetter() const { ASSERT(m_attributes & Accessor); return reinterpret_cast<NativeFunction>(m_values.value2); }
@@ -87,10 +85,6 @@ struct HashTableValue {
     long long constantInteger() const { ASSERT(m_attributes & ConstantInteger); return m_values.constant; }
 
     intptr_t lexerValue() const { ASSERT(!m_attributes); return m_values.value1; }
-    
-    ptrdiff_t lazyCellPropertyOffset() const { ASSERT(m_attributes & CellProperty); return m_values.value1; }
-    ptrdiff_t lazyClassStructureOffset() const { ASSERT(m_attributes & ClassStructure); return m_values.value1; }
-    LazyPropertyCallback lazyPropertyCallback() const { ASSERT(m_attributes & PropertyCallback); return reinterpret_cast<LazyPropertyCallback>(m_values.value1); }
 };
 
 struct HashTable {
@@ -227,7 +221,7 @@ inline bool getStaticPropertySlot(ExecState* exec, const HashTable& table, ThisI
     if (!entry)
         return false;
 
-    if (entry->attributes() & BuiltinOrFunctionOrAccessorOrLazyProperty)
+    if (entry->attributes() & BuiltinOrFunctionOrAccessor)
         return setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot);
 
     if (entry->attributes() & ConstantInteger) {
@@ -277,7 +271,7 @@ inline bool getStaticValueSlot(ExecState* exec, const HashTable& table, ThisImp*
     if (!entry)
         return false;
 
-    ASSERT(!(entry->attributes() & BuiltinOrFunctionOrAccessorOrLazyProperty));
+    ASSERT(!(entry->attributes() & BuiltinOrFunctionOrAccessor));
 
     if (entry->attributes() & ConstantInteger) {
         slot.setValue(thisObj, attributesForStructure(entry->attributes()), jsNumber(entry->constantInteger()));
@@ -293,10 +287,9 @@ inline bool getStaticValueSlot(ExecState* exec, const HashTable& table, ThisImp*
 // 'slot.thisValue()' is the object the put was originally performed on (in the case of a proxy, the proxy itself).
 inline bool putEntry(ExecState* exec, const HashTableValue* entry, JSObject* base, JSObject* thisValue, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
 {
-    if (entry->attributes() & BuiltinOrFunctionOrLazyProperty) {
+    if (entry->attributes() & BuiltinOrFunction) {
         if (!(entry->attributes() & ReadOnly)) {
-            // If this is a function or lazy property put then we just do the put because
-            // logically the object already had the property, so this is just a replace.
+            // If this is a function put it as an override property.
             if (JSObject* thisObject = jsDynamicCast<JSObject*>(thisValue))
                 thisObject->putDirect(exec->vm(), propertyName, value);
             return true;
@@ -367,27 +360,6 @@ inline void reifyStaticProperty(VM& vm, const HashTableValue& value, JSObject& t
         reifyStaticAccessor(vm, value, thisObj, propertyName);
         return;
     }
-    
-    if (value.attributes() & CellProperty) {
-        LazyCellProperty* property = bitwise_cast<LazyCellProperty*>(
-            bitwise_cast<char*>(&thisObj) + value.lazyCellPropertyOffset());
-        JSCell* result = property->get(&thisObj);
-        thisObj.putDirect(vm, propertyName, result, attributesForStructure(value.attributes()));
-        return;
-    }
-    
-    if (value.attributes() & ClassStructure) {
-        LazyClassStructure* structure = bitwise_cast<LazyClassStructure*>(
-            bitwise_cast<char*>(&thisObj) + value.lazyClassStructureOffset());
-        structure->get(jsCast<JSGlobalObject*>(&thisObj));
-        return;
-    }
-    
-    if (value.attributes() & PropertyCallback) {
-        JSValue result = value.lazyPropertyCallback()(vm, &thisObj);
-        thisObj.putDirect(vm, propertyName, result, attributesForStructure(value.attributes()));
-        return;
-    }
 
     CustomGetterSetter* customGetterSetter = CustomGetterSetter::create(vm, value.propertyGetter(), value.propertyPutter());
     thisObj.putDirectCustomAccessor(vm, propertyName, customGetterSetter, attributesForStructure(value.attributes()));
index 15403cd..d163a24 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (C) 2005, 2007, 2008, 2015-2016 Apple Inc. All rights reserved.
+ *  Copyright (C) 2005, 2007, 2008, 2015 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Library General Public
@@ -46,13 +46,9 @@ enum Attribute {
     Function          = 1 << 8,  // property is a function - only used by static hashtables
     Builtin           = 1 << 9,  // property is a builtin function - only used by static hashtables
     ConstantInteger   = 1 << 10, // property is a constant integer - only used by static hashtables
-    CellProperty      = 1 << 11, // property is a lazy property - only used by static hashtables
-    ClassStructure    = 1 << 12, // property is a lazy class structure - only used by static hashtables
-    PropertyCallback  = 1 << 13, // property that is a lazy property callback - only used by static hashtables
     BuiltinOrFunction = Builtin | Function, // helper only used by static hashtables
-    BuiltinOrFunctionOrLazyProperty = Builtin | Function | CellProperty | ClassStructure | PropertyCallback, // helper only used by static hashtables
-    BuiltinOrFunctionOrAccessorOrLazyProperty = Builtin | Function | Accessor | CellProperty | ClassStructure | PropertyCallback, // helper only used by static hashtables
-    BuiltinOrFunctionOrAccessorOrLazyPropertyOrConstant = Builtin | Function | Accessor | CellProperty | ClassStructure | PropertyCallback | ConstantInteger // helper only used by static hashtables
+    BuiltinOrFunctionOrAccessor = Builtin | Function | Accessor, // helper only used by static hashtables
+    BuiltinOrFunctionOrAccessorOrConstant = Builtin | Function | Accessor | ConstantInteger, // helper only used by static hashtables
 };
 
 enum CacheabilityType : uint8_t {
index f1969aa..3a08eeb 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -33,34 +33,18 @@ namespace JSC {
 
 struct ClassInfo;
 
-#define FOR_EACH_TYPED_ARRAY_TYPE(macro) \
-    macro(Int8) \
-    macro(Uint8) \
-    macro(Uint8Clamped) \
-    macro(Int16) \
-    macro(Uint16) \
-    macro(Int32) \
-    macro(Uint32) \
-    macro(Float32) \
-    macro(Float64) \
-    macro(DataView)
-
-#define FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(macro) \
-    macro(Int8) \
-    macro(Uint8) \
-    macro(Uint8Clamped) \
-    macro(Int16) \
-    macro(Uint16) \
-    macro(Int32) \
-    macro(Uint32) \
-    macro(Float32) \
-    macro(Float64)
-
 enum TypedArrayType {
     NotTypedArray,
-#define DECLARE_TYPED_ARRAY_TYPE(name) Type ## name,
-    FOR_EACH_TYPED_ARRAY_TYPE(DECLARE_TYPED_ARRAY_TYPE)
-#undef DECLARE_TYPED_ARRAY_TYPE
+    TypeInt8,
+    TypeUint8,
+    TypeUint8Clamped,
+    TypeInt16,
+    TypeUint16,
+    TypeInt32,
+    TypeUint32,
+    TypeFloat32,
+    TypeFloat64,
+    TypeDataView
 };
 
 #define NUMBER_OF_TYPED_ARRAY_TYPES TypeDataView
index e20e399..7aa6b47 100644 (file)
@@ -1,3 +1,21 @@
+2016-05-04  Chris Dumez  <cdumez@apple.com>
+
+        Unreviewed, rolling out r200383 and r200406.
+
+        Seems to have caused crashes on iOS / ARMv7s
+
+        Reverted changesets:
+
+        "Speed up JSGlobalObject initialization by making some
+        properties lazy"
+        https://bugs.webkit.org/show_bug.cgi?id=157045
+        http://trac.webkit.org/changeset/200383
+
+        "REGRESSION(r200383): Setting lazily initialized properties
+        across frame boundaries crashes"
+        https://bugs.webkit.org/show_bug.cgi?id=157333
+        http://trac.webkit.org/changeset/200406
+
 2016-05-03  Filip Pizlo  <fpizlo@apple.com>
 
         Speed up JSGlobalObject initialization by making some properties lazy
index 9eb373b..eaa1a8f 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008, 2016 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
  * Copyright (C) 2013 Patrick Gansterer <paroga@paroga.com>
  *
  * Redistribution and use in source and binary forms, with or without
@@ -29,7 +29,6 @@
 
 #include <chrono>
 #include <memory>
-#include <string.h>
 #include <wtf/Assertions.h>
 #include <wtf/CheckedArithmetic.h>
 
@@ -285,20 +284,6 @@ inline void insertIntoBoundedVector(VectorType& vector, size_t size, const Eleme
 // https://bugs.webkit.org/show_bug.cgi?id=131815
 WTF_EXPORT_PRIVATE bool isCompilationThread();
 
-template<typename Func>
-bool isStatelessLambda()
-{
-    return std::is_empty<Func>::value;
-}
-
-template<typename ResultType, typename Func, typename... ArgumentTypes>
-ResultType callStatelessLambda(ArgumentTypes&&... arguments)
-{
-    uint64_t data[(sizeof(Func) + sizeof(uint64_t) - 1) / sizeof(uint64_t)];
-    memset(data, 0, sizeof(data));
-    return (*bitwise_cast<Func*>(data))(std::forward<ArgumentTypes>(arguments)...);
-}
-
 } // namespace WTF
 
 // This version of placement new omits a 0 check.
@@ -418,8 +403,6 @@ using WTF::tryBinarySearch;
 using WTF::approximateBinarySearch;
 using WTF::bitwise_cast;
 using WTF::safeCast;
-using WTF::isStatelessLambda;
-using WTF::callStatelessLambda;
 
 #if COMPILER_SUPPORTS(CXX_USER_LITERALS)
 // We normally don't want to bring in entire std namespaces, but literals are an exception.
index a5de086..c61294f 100644 (file)
@@ -1,3 +1,21 @@
+2016-05-04  Chris Dumez  <cdumez@apple.com>
+
+        Unreviewed, rolling out r200383 and r200406.
+
+        Seems to have caused crashes on iOS / ARMv7s
+
+        Reverted changesets:
+
+        "Speed up JSGlobalObject initialization by making some
+        properties lazy"
+        https://bugs.webkit.org/show_bug.cgi?id=157045
+        http://trac.webkit.org/changeset/200383
+
+        "REGRESSION(r200383): Setting lazily initialized properties
+        across frame boundaries crashes"
+        https://bugs.webkit.org/show_bug.cgi?id=157333
+        http://trac.webkit.org/changeset/200406
+
 2016-05-04  Joanmarie Diggs  <jdiggs@igalia.com>
 
         AX: ARIA 'region' role is now a landmark; HTML 'section' element should be a landmark only if named
index 693fb1d..a2b3e1d 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2007 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -101,21 +101,14 @@ JSScope* JSHTMLElement::pushEventHandlerScope(ExecState* exec, JSScope* scope) c
     HTMLElement& element = wrapped();
 
     // The document is put on first, fall back to searching it only after the element and form.
-    // FIXME: This probably may use the wrong global object. If this is called from a native
-    // function, then it would be correct but not optimal since the native function would *know*
-    // the global object. But, it may be that globalObject() is more correct.
-    // https://bugs.webkit.org/show_bug.cgi?id=134932
-    VM& vm = exec->vm();
-    JSGlobalObject* lexicalGlobalObject = exec->lexicalGlobalObject();
-    
-    scope = JSWithScope::create(vm, lexicalGlobalObject, asObject(toJS(exec, globalObject(), &element.document())), scope);
+    scope = JSWithScope::create(exec, asObject(toJS(exec, globalObject(), &element.document())), scope);
 
     // The form is next, searched before the document, but after the element itself.
     if (HTMLFormElement* form = element.form())
-        scope = JSWithScope::create(vm, lexicalGlobalObject, asObject(toJS(exec, globalObject(), form)), scope);
+        scope = JSWithScope::create(exec, asObject(toJS(exec, globalObject(), form)), scope);
 
     // The element is on top, searched first.
-    return JSWithScope::create(vm, lexicalGlobalObject, asObject(toJS(exec, globalObject(), &element)), scope);
+    return JSWithScope::create(exec, asObject(toJS(exec, globalObject(), &element)), scope);
 }
 
 } // namespace WebCore