Changeset 32807 for trunk/JavaScriptCore – WebKit

trunk/JavaScriptCore/API/JSBase.cpp

-              r29663
+              r32807
+{
     JSLock lock;
+    if (!Collector::isBusy())
+        Collector::collect();
+    // It might seem that we have a context passed to this function, and can use toJS(ctx)->heap(), but the parameter is likely to be NULL.
+    // The performance difference should be negligible anyway.
+    Heap* heap = Heap::threadHeap();
+    if (!heap->isBusy())
+        heap->collect();
     // FIXME: Perhaps we should trigger a second mark and sweep
     // once the garbage collector is done if this is called when

trunk/JavaScriptCore/API/JSCallbackObjectFunctions.h

r32609	r32807
467	467	if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.ustring().rep())) {
468	468	if (JSObjectCallAsFunctionCallback callAsFunction = entry->callAsFunction) {
469		JSObject* o = new JSCallbackFunction(exec, callAsFunction, propertyName);
	469	JSObject* o = new (exec) JSCallbackFunction(exec, callAsFunction, propertyName);
470	470	thisObj->putDirect(propertyName, o, entry->attributes);
471	471	return o;

trunk/JavaScriptCore/API/JSClassRef.cpp

r31872	r32807
163	163	if (!parentPrototype)
164	164	parentPrototype = exec->dynamicGlobalObject()->objectPrototype();
165		cachedPrototype = new JSCallbackObject<JSObject>(exec, prototypeClass, parentPrototype, this); // set ourself as the object's private data, so it can clear our reference on destruction
	165	cachedPrototype = new (exec) JSCallbackObject<JSObject>(exec, prototypeClass, parentPrototype, this); // set ourself as the object's private data, so it can clear our reference on destruction
166	166	}
167	167	return cachedPrototype;

trunk/JavaScriptCore/API/JSObjectRef.cpp

-              r32609
+              r32807
     if (!jsClass)
         return toRef(new JSObject(exec->lexicalGlobalObject()->objectPrototype())); // slightly more efficient
+        return toRef(new (exec) JSObject(exec->lexicalGlobalObject()->objectPrototype())); // slightly more efficient
     JSValue* jsPrototype = jsClass->prototype(ctx);
 …
         jsPrototype = exec->lexicalGlobalObject()->objectPrototype();
     return toRef(new JSCallbackObject<JSObject>(exec, jsClass, jsPrototype, data));
+    return toRef(new (exec) JSCallbackObject<JSObject>(exec, jsClass, jsPrototype, data));
+}
 …
     Identifier nameID = name ? Identifier(toJS(name)) : Identifier("anonymous");
     return toRef(new JSCallbackFunction(exec, callAsFunction, nameID));
+    return toRef(new (exec) JSCallbackFunction(exec, callAsFunction, nameID));
+}
 …
         : exec->dynamicGlobalObject()->objectPrototype();
     JSCallbackConstructor* constructor = new JSCallbackConstructor(exec, jsClass, callAsConstructor);
+    JSCallbackConstructor* constructor = new (exec) JSCallbackConstructor(exec, jsClass, callAsConstructor);
     constructor->putDirect(exec->propertyNames().prototype, jsPrototype, DontEnum | DontDelete | ReadOnly);
     return toRef(constructor);
 …
     List args;
     for (unsigned i = 0; i < parameterCount; i++)
         args.append(jsString(UString(toJS(parameterNames[i]))));
     args.append(jsString(UString(bodyRep)));
+        args.append(jsString(exec, UString(toJS(parameterNames[i]))));
+    args.append(jsString(exec, UString(bodyRep)));
     JSObject* result = exec->dynamicGlobalObject()->functionConstructor()->construct(exec, args, nameID, UString(sourceURLRep), startingLineNumber);

trunk/JavaScriptCore/API/JSValueRef.cpp

-              r29663
+              r32807
+}
 JSValueRef JSValueMakeNumber(JSContextRef, double value)
+{
     JSLock lock;
     return toRef(jsNumber(value));
+}
 JSValueRef JSValueMakeString(JSContextRef, JSStringRef string)
+JSValueRef JSValueMakeNumber(JSContextRef ctx, double value)
+{
+    JSLock lock;
+    return toRef(jsNumber(toJS(ctx), value));
+}
+JSValueRef JSValueMakeString(JSContextRef ctx, JSStringRef string)
+{
     JSLock lock;
     UString::Rep* rep = toJS(string);
     return toRef(jsString(UString(rep)));
+    return toRef(jsString(toJS(ctx), UString(rep)));
+}

trunk/JavaScriptCore/ChangeLog

-              r32805
+              r32807
+-05-02  Alexey Proskuryakov  <[email protected]>
+        Reviewed by Geoffrey Garen.
+        https://bugs.webkit.org/show_bug.cgi?id=18826
+        Make JavaScript heap per-thread
+        * wtf/ThreadSpecific.h: Make sure to initialize POD thread-specific varaibles, too
+        (replaced "new T" with "new T()").
+        * kjs/collector.h: Renamed Collector to Heap, made the heap per-thread. Removed support for
+        multithreaded access to a heap.
+        (KJS::CollectorBlock): Removed collectOnMainThreadOnly bitmap, added a reference to owner heap.
+        (KJS::SmallCellCollectorBlock): Ditto.
+        (KJS::Heap::markListSet): Moved from a static variable in List.cpp to a per-thread one here.
+        (KJS::Heap::heap): Added a method to find which heap a JSValue is allocated in.
+        * kjs/collector.cpp: Changed "const size_t" constants to #defines, to avoid a PIC branch
+        (gcc was using one to access a constant used in std::max(), because it takes a reference,
+        even though std::max() itself was inlined).
+        (KJS::Heap::threadHeap): JS heap is now per-thread.
+        (KJS::Heap::Heap): Zero-initialize the heap.
+        (KJS::allocateBlock): Added NEVER_INLINE, because this function uses a PIC branch, so
+        inlining it in Heap::heapAllocate() is bad for performance, now that the latter doesn't
+        use any global data.
+        (KJS::Heap::heapAllocate): Initialize Block::heap.
+        (KJS::Heap::markCurrentThreadConservatively): Moved into markStackObjectsConservatively(),
+        as GC only works with a current thread's heap now.
+        (KJS::Heap::sweep): Removed collectOnMainThreadOnly checks.
+        (KJS::Heap::collect): Ditto.
+        * kjs/JSLock.cpp:
+        * kjs/JSLock.h:
+        (KJS::JSLock::JSLock):
+        Removed registerThread(), as the heap no longer cares.
+        * kjs/InitializeThreading.cpp: (KJS::initializeThreading): Initialize new per-thread
+        variables in Heap and JSGlobalObject.
+        * kjs/ExecState.h: (KJS::ExecState::heap): Added a heap pointer for faster access to
+        per-thread heap, and an accessor for it.
+        * kjs/JSGlobalObject.h: Made JSGlobalObject linked list per-thread.
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::~JSGlobalObject): Fixed a bug in linked list handling. It only worked
+        right if the removed object was the head one!
+        (KJS::JSGlobalObject::head): Return a per-thread list head.
+        (KJS::JSGlobalObject::init): Store a reference to per-thread heap.
+        (KJS::JSGlobalObject::reset): Pass ExecState to functions that need it.
+        (KJS::JSGlobalObject::tearOffActivation): Ditto.
+        (KJS::JSGlobalObject::operator new): JSGlobalObject allocation cannot use an ExecState,
+        so it needs a custom operator new that directly accesses per-thread heap.
+        * kjs/list.h:
+        (KJS::List::List): Replaced m_isInMarkSet boolean with an actual pointer to the set, since it
+        is no longer a single static object.
+        (KJS::List::~List): Ditto.
+        * kjs/list.cpp:
+        (KJS::List::markSet): Removed, this is now stored in Heap.
+        (KJS::List::markProtectedLists): Take a reference to the list.
+        (KJS::List::expandAndAppend): Ask the current thread heap for a mark set reference.
+        * kjs/protect.h:
+        (KJS::gcProtect):
+        (KJS::gcUnprotect):
+        Use the newly added Heap::heap() method to find out which heap the value to be (un)protected
+        belongs to.
+        * kjs/property_map.h: Removed unused SavedProperty class.
+        * JavaScriptCore.exp:
+        * API/JSBase.cpp:
+        (JSGarbageCollect):
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::staticFunctionGetter):
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::prototype):
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeConstructor):
+        (JSObjectMakeFunction):
+        * API/JSValueRef.cpp:
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::ArrayInstance):
+        (KJS::ArrayInstance::lengthGetter):
+        * kjs/array_object.cpp:
+        (KJS::arrayProtoFuncToString):
+        (KJS::arrayProtoFuncToLocaleString):
+        (KJS::arrayProtoFuncJoin):
+        (KJS::arrayProtoFuncConcat):
+        (KJS::arrayProtoFuncPop):
+        (KJS::arrayProtoFuncPush):
+        (KJS::arrayProtoFuncShift):
+        (KJS::arrayProtoFuncSlice):
+        (KJS::arrayProtoFuncSplice):
+        (KJS::arrayProtoFuncUnShift):
+        (KJS::arrayProtoFuncFilter):
+        (KJS::arrayProtoFuncMap):
+        (KJS::arrayProtoFuncEvery):
+        (KJS::arrayProtoFuncForEach):
+        (KJS::arrayProtoFuncSome):
+        (KJS::arrayProtoFuncIndexOf):
+        (KJS::arrayProtoFuncLastIndexOf):
+        (KJS::ArrayObjectImp::ArrayObjectImp):
+        (KJS::ArrayObjectImp::construct):
+        * kjs/bool_object.cpp:
+        (KJS::BooleanPrototype::BooleanPrototype):
+        (KJS::booleanProtoFuncToString):
+        (KJS::BooleanObjectImp::BooleanObjectImp):
+        (KJS::BooleanObjectImp::construct):
+        * kjs/date_object.cpp:
+        (KJS::formatLocaleDate):
+        (KJS::DatePrototype::DatePrototype):
+        (KJS::DateObjectImp::DateObjectImp):
+        (KJS::DateObjectImp::construct):
+        (KJS::DateObjectImp::callAsFunction):
+        (KJS::DateObjectFuncImp::DateObjectFuncImp):
+        (KJS::DateObjectFuncImp::callAsFunction):
+        (KJS::dateProtoFuncToString):
+        (KJS::dateProtoFuncToUTCString):
+        (KJS::dateProtoFuncToDateString):
+        (KJS::dateProtoFuncToTimeString):
+        (KJS::dateProtoFuncToLocaleString):
+        (KJS::dateProtoFuncToLocaleDateString):
+        (KJS::dateProtoFuncToLocaleTimeString):
+        (KJS::dateProtoFuncValueOf):
+        (KJS::dateProtoFuncGetTime):
+        (KJS::dateProtoFuncGetFullYear):
+        (KJS::dateProtoFuncGetUTCFullYear):
+        (KJS::dateProtoFuncToGMTString):
+        (KJS::dateProtoFuncGetMonth):
+        (KJS::dateProtoFuncGetUTCMonth):
+        (KJS::dateProtoFuncGetDate):
+        (KJS::dateProtoFuncGetUTCDate):
+        (KJS::dateProtoFuncGetDay):
+        (KJS::dateProtoFuncGetUTCDay):
+        (KJS::dateProtoFuncGetHours):
+        (KJS::dateProtoFuncGetUTCHours):
+        (KJS::dateProtoFuncGetMinutes):
+        (KJS::dateProtoFuncGetUTCMinutes):
+        (KJS::dateProtoFuncGetSeconds):
+        (KJS::dateProtoFuncGetUTCSeconds):
+        (KJS::dateProtoFuncGetMilliSeconds):
+        (KJS::dateProtoFuncGetUTCMilliseconds):
+        (KJS::dateProtoFuncGetTimezoneOffset):
+        (KJS::dateProtoFuncSetTime):
+        (KJS::setNewValueFromTimeArgs):
+        (KJS::setNewValueFromDateArgs):
+        (KJS::dateProtoFuncSetYear):
+        (KJS::dateProtoFuncGetYear):
+        * kjs/error_object.cpp:
+        (KJS::ErrorPrototype::ErrorPrototype):
+        (KJS::errorProtoFuncToString):
+        (KJS::ErrorObjectImp::ErrorObjectImp):
+        (KJS::ErrorObjectImp::construct):
+        (KJS::NativeErrorPrototype::NativeErrorPrototype):
+        (KJS::NativeErrorImp::NativeErrorImp):
+        (KJS::NativeErrorImp::construct):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::FunctionImp::construct):
+        (KJS::Arguments::Arguments):
+        (KJS::ActivationImp::createArgumentsObject):
+        (KJS::encode):
+        (KJS::decode):
+        (KJS::globalFuncParseInt):
+        (KJS::globalFuncParseFloat):
+        (KJS::globalFuncEscape):
+        (KJS::globalFuncUnescape):
+        (KJS::PrototypeFunction::PrototypeFunction):
+        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
+        * kjs/function_object.cpp:
+        (KJS::FunctionPrototype::FunctionPrototype):
+        (KJS::functionProtoFuncToString):
+        (KJS::FunctionObjectImp::FunctionObjectImp):
+        (KJS::FunctionObjectImp::construct):
+        * kjs/internal.cpp:
+        (KJS::StringImp::toObject):
+        * kjs/internal.h:
+        (KJS::StringImp::StringImp):
+        (KJS::NumberImp::operator new):
+        * kjs/lookup.h:
+        (KJS::staticFunctionGetter):
+        (KJS::cacheGlobalObject):
+        * kjs/math_object.cpp:
+        (KJS::MathObjectImp::getValueProperty):
+        (KJS::mathProtoFuncAbs):
+        (KJS::mathProtoFuncACos):
+        (KJS::mathProtoFuncASin):
+        (KJS::mathProtoFuncATan):
+        (KJS::mathProtoFuncATan2):
+        (KJS::mathProtoFuncCeil):
+        (KJS::mathProtoFuncCos):
+        (KJS::mathProtoFuncExp):
+        (KJS::mathProtoFuncFloor):
+        (KJS::mathProtoFuncLog):
+        (KJS::mathProtoFuncMax):
+        (KJS::mathProtoFuncMin):
+        (KJS::mathProtoFuncPow):
+        (KJS::mathProtoFuncRandom):
+        (KJS::mathProtoFuncRound):
+        (KJS::mathProtoFuncSin):
+        (KJS::mathProtoFuncSqrt):
+        (KJS::mathProtoFuncTan):
+        * kjs/nodes.cpp:
+        (KJS::Node::handleException):
+        (KJS::NumberNode::evaluate):
+        (KJS::StringNode::evaluate):
+        (KJS::ArrayNode::evaluate):
+        (KJS::PostIncResolveNode::evaluate):
+        (KJS::PostIncLocalVarNode::evaluate):
+        (KJS::PostDecResolveNode::evaluate):
+        (KJS::PostDecLocalVarNode::evaluate):
+        (KJS::PostDecLocalVarNode::inlineEvaluateToNumber):
+        (KJS::PostIncBracketNode::evaluate):
+        (KJS::PostDecBracketNode::evaluate):
+        (KJS::PostIncDotNode::evaluate):
+        (KJS::PostDecDotNode::evaluate):
+        (KJS::typeStringForValue):
+        (KJS::LocalVarTypeOfNode::evaluate):
+        (KJS::TypeOfResolveNode::evaluate):
+        (KJS::TypeOfValueNode::evaluate):
+        (KJS::PreIncLocalVarNode::evaluate):
+        (KJS::PreIncResolveNode::evaluate):
+        (KJS::PreDecLocalVarNode::evaluate):
+        (KJS::PreDecResolveNode::evaluate):
+        (KJS::PreIncConstNode::evaluate):
+        (KJS::PreDecConstNode::evaluate):
+        (KJS::PostIncConstNode::evaluate):
+        (KJS::PostDecConstNode::evaluate):
+        (KJS::PreIncBracketNode::evaluate):
+        (KJS::PreDecBracketNode::evaluate):
+        (KJS::PreIncDotNode::evaluate):
+        (KJS::PreDecDotNode::evaluate):
+        (KJS::NegateNode::evaluate):
+        (KJS::BitwiseNotNode::evaluate):
+        (KJS::MultNode::evaluate):
+        (KJS::DivNode::evaluate):
+        (KJS::ModNode::evaluate):
+        (KJS::addSlowCase):
+        (KJS::add):
+        (KJS::AddNumbersNode::evaluate):
+        (KJS::AddStringsNode::evaluate):
+        (KJS::AddStringLeftNode::evaluate):
+        (KJS::AddStringRightNode::evaluate):
+        (KJS::SubNode::evaluate):
+        (KJS::LeftShiftNode::evaluate):
+        (KJS::RightShiftNode::evaluate):
+        (KJS::UnsignedRightShiftNode::evaluate):
+        (KJS::BitXOrNode::evaluate):
+        (KJS::BitOrNode::evaluate):
+        (KJS::valueForReadModifyAssignment):
+        (KJS::ForInNode::execute):
+        (KJS::TryNode::execute):
+        (KJS::FuncDeclNode::makeFunction):
+        (KJS::FuncExprNode::evaluate):
+        * kjs/number_object.cpp:
+        (KJS::NumberPrototype::NumberPrototype):
+        (KJS::numberProtoFuncToString):
+        (KJS::numberProtoFuncToLocaleString):
+        (KJS::numberProtoFuncToFixed):
+        (KJS::numberProtoFuncToExponential):
+        (KJS::numberProtoFuncToPrecision):
+        (KJS::NumberObjectImp::NumberObjectImp):
+        (KJS::NumberObjectImp::getValueProperty):
+        (KJS::NumberObjectImp::construct):
+        (KJS::NumberObjectImp::callAsFunction):
+        * kjs/object.cpp:
+        (KJS::JSObject::defineGetter):
+        (KJS::JSObject::defineSetter):
+        (KJS::JSObject::putDirect):
+        (KJS::Error::create):
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        (KJS::ObjectPrototype::ObjectPrototype):
+        (KJS::objectProtoFuncToLocaleString):
+        (KJS::objectProtoFuncToString):
+        (KJS::ObjectObjectImp::ObjectObjectImp):
+        (KJS::ObjectObjectImp::construct):
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpPrototype::RegExpPrototype):
+        (KJS::regExpProtoFuncToString):
+        (KJS::RegExpImp::getValueProperty):
+        (KJS::RegExpObjectImp::RegExpObjectImp):
+        (KJS::RegExpObjectImp::arrayOfMatches):
+        (KJS::RegExpObjectImp::getBackref):
+        (KJS::RegExpObjectImp::getLastParen):
+        (KJS::RegExpObjectImp::getLeftContext):
+        (KJS::RegExpObjectImp::getRightContext):
+        (KJS::RegExpObjectImp::getValueProperty):
+        (KJS::RegExpObjectImp::createRegExpImp):
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::StringInstance):
+        (KJS::StringInstance::lengthGetter):
+        (KJS::StringInstance::indexGetter):
+        (KJS::stringInstanceNumericPropertyGetter):
+        (KJS::StringPrototype::StringPrototype):
+        (KJS::replace):
+        (KJS::stringProtoFuncCharAt):
+        (KJS::stringProtoFuncCharCodeAt):
+        (KJS::stringProtoFuncConcat):
+        (KJS::stringProtoFuncIndexOf):
+        (KJS::stringProtoFuncLastIndexOf):
+        (KJS::stringProtoFuncMatch):
+        (KJS::stringProtoFuncSearch):
+        (KJS::stringProtoFuncReplace):
+        (KJS::stringProtoFuncSlice):
+        (KJS::stringProtoFuncSplit):
+        (KJS::stringProtoFuncSubstr):
+        (KJS::stringProtoFuncSubstring):
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        (KJS::stringProtoFuncLocaleCompare):
+        (KJS::stringProtoFuncBig):
+        (KJS::stringProtoFuncSmall):
+        (KJS::stringProtoFuncBlink):
+        (KJS::stringProtoFuncBold):
+        (KJS::stringProtoFuncFixed):
+        (KJS::stringProtoFuncItalics):
+        (KJS::stringProtoFuncStrike):
+        (KJS::stringProtoFuncSub):
+        (KJS::stringProtoFuncSup):
+        (KJS::stringProtoFuncFontcolor):
+        (KJS::stringProtoFuncFontsize):
+        (KJS::stringProtoFuncAnchor):
+        (KJS::stringProtoFuncLink):
+        (KJS::StringObjectImp::StringObjectImp):
+        (KJS::StringObjectImp::construct):
+        (KJS::StringObjectImp::callAsFunction):
+        (KJS::StringObjectFuncImp::StringObjectFuncImp):
+        (KJS::StringObjectFuncImp::callAsFunction):
+        * kjs/string_object.h:
+        (KJS::StringInstanceThatMasqueradesAsUndefined::StringInstanceThatMasqueradesAsUndefined):
+        * kjs/testkjs.cpp:
+        (GlobalObject::GlobalObject):
+        (functionGC):
+        (functionRun):
+        (functionReadline):
+        (kjsmain):
+        * kjs/ustring.h:
+        * kjs/value.cpp:
+        (KJS::JSCell::operator new):
+        (KJS::jsString):
+        (KJS::jsOwnedString):
+        (KJS::jsNumberCell):
+        * kjs/value.h:
+        (KJS::jsNaN):
+        (KJS::jsNumber):
+        (KJS::jsNumberFromAnd):
+        (KJS::JSCell::marked):
+        (KJS::JSCell::mark):
+        (KJS::JSValue::toJSNumber):
+        Removed collectOnMainThreadOnly, as this is the only way to collect now. Replaced calls to
+        static Collector methods with calls to per-thread Heap ones.
 -05-02  Dan Bernstein  <[email protected]>

trunk/JavaScriptCore/JavaScriptCore.exp

-              r32652
+              r32807
+__Z12jsRegExpFreeP8JSRegExp
+__Z15jsRegExpCompilePKti24JSRegExpIgnoreCaseOption23JSRegExpMultilineOptionPjPPKc
+__Z15jsRegExpExecutePK8JSRegExpPKtiiPii
+__ZN3KJS10Identifier11addSlowCaseEPNS_7UString3RepE
+__ZN3KJS10Identifier3addEPKc
+__ZN3KJS10Identifier3addEPKti
+__ZN3KJS10Identifier5equalEPKNS_7UString3RepEPKc
+__ZN3KJS10throwErrorEPNS_9ExecStateENS_9ErrorTypeE
+__ZN3KJS10throwErrorEPNS_9ExecStateENS_9ErrorTypeEPKc
+__ZN3KJS10throwErrorEPNS_9ExecStateENS_9ErrorTypeERKNS_7UStringE
+__ZN3KJS11Interpreter11checkSyntaxEPNS_9ExecStateERKNS_7UStringEiPKti
+__ZN3KJS11Interpreter21shouldPrintExceptionsEv
+__ZN3KJS11Interpreter24setShouldPrintExceptionsEb
+__ZN3KJS11Interpreter8evaluateEPNS_9ExecStateERKNS_7UStringEiPKtiPNS_7JSValueE
+__ZN3KJS11Interpreter8evaluateEPNS_9ExecStateERKNS_7UStringEiS5_PNS_7JSValueE
+__ZN3KJS11JSImmediate4typeEPKNS_7JSValueE
+__ZN3KJS11JSImmediate8toObjectEPKNS_7JSValueEPNS_9ExecStateE
+__ZN3KJS11JSImmediate8toStringEPKNS_7JSValueE
+__ZN3KJS11ProgramNode6createEPNS_14SourceElementsEPN3WTF6VectorISt4pairINS_10IdentifierEjELm16EEEPNS4_IPNS_12FuncDeclNodeELm16EEEbb
+__ZN3KJS11PropertyMap11getLocationERKNS_10IdentifierE
+__ZN3KJS11PropertyMap5clearEv
+__ZN3KJS11PropertyMapD1Ev
+__ZN3KJS12DateInstance4infoE
+__ZN3KJS12jsNumberCellEPNS_9ExecStateEd
+__ZN3KJS12PropertySlot15undefinedGetterEPNS_9ExecStateEPNS_8JSObjectERKNS_10IdentifierERKS0_
+__ZN3KJS13ArrayInstance4infoE
+__ZN3KJS13jsOwnedStringEPNS_9ExecStateERKNS_7UStringE
+__ZN3KJS13StatementNode6setLocEii
+__ZN3KJS14JSGlobalObject10globalExecEv
+__ZN3KJS14JSGlobalObject16stopTimeoutCheckEv
+__ZN3KJS14JSGlobalObject17putWithAttributesEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueEj
+__ZN3KJS14JSGlobalObject17startTimeoutCheckEv
+__ZN3KJS14JSGlobalObject18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3KJS14JSGlobalObject3putEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueE
+__ZN3KJS14JSGlobalObject4initEPNS_8JSObjectE
+__ZN3KJS14JSGlobalObject4markEv
+__ZN3KJS14JSGlobalObject5resetEPNS_7JSValueE
+__ZN3KJS14JSGlobalObjectD2Ev
+__ZN3KJS14JSGlobalObjectnwEm
+__ZN3KJS14StringInstance14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3KJS14StringInstance16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
+__ZN3KJS14StringInstance18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
+__ZN3KJS14StringInstance18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3KJS14StringInstance3putEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueE
+__ZN3KJS14StringInstance4infoE
+__ZN3KJS14StringInstanceC2EPNS_9ExecStateEPNS_8JSObjectERKNS_7UStringE
+__ZN3KJS15GlobalExecStateC1EPNS_14JSGlobalObjectEPNS_8JSObjectE
+__ZN3KJS15GlobalExecStateD1Ev
+__ZN3KJS15JSWrapperObject4markEv
+__ZN3KJS16JSVariableObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3KJS16JSVariableObject16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
+__ZN3KJS16ParserRefCounted3refEv
+__ZN3KJS16ParserRefCounted5derefEv
+__ZN3KJS17PropertyNameArray3addEPNS_7UString3RepE
+__ZN3KJS17PrototypeFunctionC1EPNS_9ExecStateEiRKNS_10IdentifierEPFPNS_7JSValueES2_PNS_8JSObjectERKNS_4ListEE
+__ZN3KJS17PrototypeFunctionC1EPNS_9ExecStateEPNS_17FunctionPrototypeEiRKNS_10IdentifierEPFPNS_7JSValueES2_PNS_8JSObjectERKNS_4ListEE
+__ZN3KJS19initializeThreadingEv
+__ZN3KJS19InternalFunctionImp4infoE
+__ZN3KJS19InternalFunctionImpC2EPNS_17FunctionPrototypeERKNS_10IdentifierE
+__ZN3KJS23objectProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectERKNS_4ListE
+__ZN3KJS4Heap10threadHeapEv
+__ZN3KJS4Heap15recordExtraCostEm
+__ZN3KJS4Heap17globalObjectCountEv
+__ZN3KJS4Heap20protectedObjectCountEv
+__ZN3KJS4Heap25protectedObjectTypeCountsEv
+__ZN3KJS4Heap26protectedGlobalObjectCountEv
+__ZN3KJS4Heap4heapEPKNS_7JSValueE
+__ZN3KJS4Heap4sizeEv
+__ZN3KJS4Heap7collectEv
+__ZN3KJS4Heap7protectEPNS_7JSValueE
+__ZN3KJS4Heap8allocateEm
+__ZN3KJS4Heap9unprotectEPNS_7JSValueE
+__ZN3KJS4List15expandAndAppendEPNS_7JSValueE
+__ZN3KJS6JSCell9getObjectEv
+__ZN3KJS6JSCellnwEmPNS_9ExecStateE
+__ZN3KJS6JSLock12DropAllLocksC1Ev
+__ZN3KJS6JSLock12DropAllLocksD1Ev
+__ZN3KJS6JSLock4lockEv
+__ZN3KJS6JSLock6unlockEv
+__ZN3KJS6JSLock9lockCountEv
+__ZN3KJS6Parser5parseEiPKtjPiS3_PNS_7UStringE
+__ZN3KJS6parserEv
+__ZN3KJS6strtodEPKcPPc
+__ZN3KJS7CStringaSERKS0_
+__ZN3KJS7CStringD1Ev
+__ZN3KJS7UString3Rep11computeHashEPKti
+__ZN3KJS7UString3Rep4nullE
+__ZN3KJS7UString3Rep7destroyEv
+__ZN3KJS7UString4fromEj
+__ZN3KJS7UString6appendEPKc
+__ZN3KJS7UString6appendERKS0_
+__ZN3KJS7UStringaSEPKc
+__ZN3KJS7UStringC1EPKc
+__ZN3KJS7UStringC1EPKti
+__ZN3KJS7UStringC1ERKS0_S2_
+__ZN3KJS8Debugger12sourceUnusedEPNS_9ExecStateEi
+__ZN3KJS8Debugger6attachEPNS_14JSGlobalObjectE
+__ZN3KJS8Debugger6detachEPNS_14JSGlobalObjectE
+__ZN3KJS8Debugger9exceptionEPNS_9ExecStateEiiPNS_7JSValueE
+__ZN3KJS8DebuggerC2Ev
+__ZN3KJS8DebuggerD2Ev
+__ZN3KJS8JSObject11hasInstanceEPNS_9ExecStateEPNS_7JSValueE
+__ZN3KJS8JSObject12defineGetterEPNS_9ExecStateERKNS_10IdentifierEPS0_
+__ZN3KJS8JSObject12defineSetterEPNS_9ExecStateERKNS_10IdentifierEPS0_
+__ZN3KJS8JSObject12lookupGetterEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3KJS8JSObject12lookupSetterEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3KJS8JSObject12removeDirectERKNS_10IdentifierE
+__ZN3KJS8JSObject14callAsFunctionEPNS_9ExecStateEPS0_RKNS_4ListE
+__ZN3KJS8JSObject14deletePropertyEPNS_9ExecStateEj
+__ZN3KJS8JSObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3KJS8JSObject16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
+__ZN3KJS8JSObject17putDirectFunctionEPNS_19InternalFunctionImpEi
+__ZN3KJS8JSObject17putWithAttributesEPNS_9ExecStateEjPNS_7JSValueEj
+__ZN3KJS8JSObject17putWithAttributesEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueEj
+__ZN3KJS8JSObject18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
+__ZN3KJS8JSObject18getPrimitiveNumberEPNS_9ExecStateERdRPNS_7JSValueE
+__ZN3KJS8JSObject22fillGetterPropertySlotERNS_12PropertySlotEPPNS_7JSValueE
+__ZN3KJS8JSObject3putEPNS_9ExecStateEjPNS_7JSValueE
+__ZN3KJS8JSObject3putEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueE
+__ZN3KJS8JSObject4callEPNS_9ExecStateEPS0_RKNS_4ListE
+__ZN3KJS8JSObject4markEv
+__ZN3KJS8JSObject9constructEPNS_9ExecStateERKNS_4ListE
+__ZN3KJS8JSObject9constructEPNS_9ExecStateERKNS_4ListERKNS_10IdentifierERKNS_7UStringEi
+__ZN3KJS8JSObject9putDirectERKNS_10IdentifierEPNS_7JSValueEi
+__ZN3KJS8jsStringEPNS_9ExecStateEPKc
+__ZN3KJS8jsStringEPNS_9ExecStateERKNS_7UStringE
+__ZN3KJS8Profiler13stopProfilingEv
+__ZN3KJS8Profiler14startProfilingEj
+__ZN3KJS8Profiler8profilerEv
+__ZN3KJSeqERKNS_7UStringEPKc
+__ZN3WTF10fastCallocEmm
+__ZN3WTF10fastMallocEm
+__ZN3WTF11fastReallocEPvm
+__ZN3WTF12createThreadEPFPvS0_ES0_
+__ZN3WTF12detachThreadEj
+__ZN3WTF12isMainThreadEv
+__ZN3WTF13currentThreadEv
+__ZN3WTF15ThreadCondition4waitERNS_5MutexE
+__ZN3WTF15ThreadCondition6signalEv
+__ZN3WTF15ThreadCondition9broadcastEv
+__ZN3WTF15ThreadCondition9timedWaitERNS_5MutexEd
+__ZN3WTF15ThreadConditionC1Ev
+__ZN3WTF15ThreadConditionD1Ev
+__ZN3WTF16callOnMainThreadEPFvPvES0_
+__ZN3WTF16fastZeroedMallocEm
+__ZN3WTF19initializeThreadingEv
+__ZN3WTF23waitForThreadCompletionEjPPv
+__ZN3WTF32atomicallyInitializedStaticMutexE
+__ZN3WTF5Mutex4lockEv
+__ZN3WTF5Mutex6unlockEv
+__ZN3WTF5Mutex7tryLockEv
+__ZN3WTF5MutexC1Ev
+__ZN3WTF5MutexD1Ev
+__ZN3WTF7Unicode18convertUTF16ToUTF8EPPKtS2_PPcS4_b
+__ZN3WTF8Collator18setOrderLowerFirstEb
+__ZN3WTF8CollatorC1EPKc
+__ZN3WTF8CollatorD1Ev
+__ZN3WTF8fastFreeEPv
+__ZNK3KJS11PropertyMap3getERKNS_10IdentifierE
+__ZNK3KJS12DateInstance7getTimeERdRi
+__ZNK3KJS13ArrayInstance7getItemEj
+__ZNK3KJS14JSGlobalObject14isDynamicScopeEv
+__ZNK3KJS14JSGlobalObject14toGlobalObjectEPNS_9ExecStateE
+__ZNK3KJS16JSVariableObject16isVariableObjectEv
+__ZNK3KJS16JSVariableObject21getPropertyAttributesEPNS_9ExecStateERKNS_10IdentifierERj
+__ZNK3KJS19InternalFunctionImp14implementsCallEv
+__ZNK3KJS19InternalFunctionImp21implementsHasInstanceEv
+__ZNK3KJS4List8getSliceEiRS0_
+__ZNK3KJS4Node8toStringEv
+__ZNK3KJS6JSCell17getTruncatedInt32ERi
+__ZNK3KJS6JSCell18getTruncatedUInt32ERj
+__ZNK3KJS6JSCell9getNumberERd
+__ZNK3KJS6JSCell9getNumberEv
+__ZNK3KJS6JSCell9getStringERNS_7UStringE
+__ZNK3KJS6JSCell9getStringEv
+__ZNK3KJS6JSCell9getUInt32ERj
+__ZNK3KJS7JSValue15toInt32SlowCaseEPNS_9ExecStateERb
+__ZNK3KJS7JSValue16toUInt32SlowCaseEPNS_9ExecStateERb
+__ZNK3KJS7JSValue7toFloatEPNS_9ExecStateE
+__ZNK3KJS7JSValue9toIntegerEPNS_9ExecStateE
+__ZNK3KJS7UString10UTF8StringEb
+__ZNK3KJS7UString14toStrictUInt32EPb
+__ZNK3KJS7UString5asciiEv
+__ZNK3KJS7UString6is8BitEv
+__ZNK3KJS7UString8toUInt32EPb
+__ZNK3KJS7UString8toUInt32EPbb
+__ZNK3KJS8JSObject11hasPropertyEPNS_9ExecStateEj
+__ZNK3KJS8JSObject11hasPropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZNK3KJS8JSObject12defaultValueEPNS_9ExecStateENS_6JSTypeE
+__ZNK3KJS8JSObject12toThisObjectEPNS_9ExecStateE
+__ZNK3KJS8JSObject14implementsCallEv
+__ZNK3KJS8JSObject14toGlobalObjectEPNS_9ExecStateE
+__ZNK3KJS8JSObject19implementsConstructEv
+__ZNK3KJS8JSObject21getPropertyAttributesEPNS_9ExecStateERKNS_10IdentifierERj
+__ZNK3KJS8JSObject21implementsHasInstanceEv
+__ZNK3KJS8JSObject3getEPNS_9ExecStateEj
+__ZNK3KJS8JSObject3getEPNS_9ExecStateERKNS_10IdentifierE
+__ZNK3KJS8JSObject4typeEv
+__ZNK3KJS8JSObject8toNumberEPNS_9ExecStateE
+__ZNK3KJS8JSObject8toObjectEPNS_9ExecStateE
+__ZNK3KJS8JSObject8toStringEPNS_9ExecStateE
+__ZNK3KJS8JSObject9classInfoEv
+__ZNK3KJS8JSObject9classNameEv
+__ZNK3KJS8JSObject9toBooleanEPNS_9ExecStateE
+__ZNK3KJS8Profiler20printDataSampleStyleEv
+__ZNK3KJS8Profiler23printDataInspectorStyleEv
+__ZNK3KJS9ExecState19lexicalGlobalObjectEv
+__ZNK3KJS9HashTable11createTableEv
+__ZNK3WTF8Collator7collateEPKtmS2_m
+__ZTVN3KJS14JSGlobalObjectE
+__ZTVN3KJS14StringInstanceE
+__ZTVN3KJS15JSWrapperObjectE
+__ZTVN3KJS16JSVariableObjectE
+__ZTVN3KJS19InternalFunctionImpE
+__ZTVN3KJS8JSObjectE
 _JSCheckScriptSyntax
 _JSClassCreate
 …
 _JSClassRetain
 _JSContextGetGlobalObject
+_jscore_collector_introspection
+_jscore_fastmalloc_introspection
 _JSEvaluateScript
 _JSGarbageCollect
 …
 _JSValueToStringCopy
 _JSValueUnprotect
+_kJSClassDefinitionEmpty
 _WTFLog
 _WTFLogVerbose
 …
 _WTFReportError
 _WTFReportFatalError
-__Z12jsRegExpFreeP8JSRegExp
-__Z15jsRegExpCompilePKti24JSRegExpIgnoreCaseOption23JSRegExpMultilineOptionPjPPKc
-__Z15jsRegExpExecutePK8JSRegExpPKtiiPii
-__ZN3KJS10Identifier11addSlowCaseEPNS_7UString3RepE
-__ZN3KJS10Identifier3addEPKc
-__ZN3KJS10Identifier3addEPKti
-__ZN3KJS10Identifier5equalEPKNS_7UString3RepEPKc
-__ZN3KJS10throwErrorEPNS_9ExecStateENS_9ErrorTypeE
-__ZN3KJS10throwErrorEPNS_9ExecStateENS_9ErrorTypeEPKc
-__ZN3KJS10throwErrorEPNS_9ExecStateENS_9ErrorTypeERKNS_7UStringE
-__ZN3KJS11Interpreter11checkSyntaxEPNS_9ExecStateERKNS_7UStringEiPKti
-__ZN3KJS11Interpreter21shouldPrintExceptionsEv
-__ZN3KJS11Interpreter24setShouldPrintExceptionsEb
-__ZN3KJS11Interpreter8evaluateEPNS_9ExecStateERKNS_7UStringEiPKtiPNS_7JSValueE
-__ZN3KJS11Interpreter8evaluateEPNS_9ExecStateERKNS_7UStringEiS5_PNS_7JSValueE
-__ZN3KJS11JSImmediate4typeEPKNS_7JSValueE
-__ZN3KJS11JSImmediate8toObjectEPKNS_7JSValueEPNS_9ExecStateE
-__ZN3KJS11JSImmediate8toStringEPKNS_7JSValueE
-__ZN3KJS11ProgramNode6createEPNS_14SourceElementsEPN3WTF6VectorISt4pairINS_10IdentifierEjELm16EEEPNS4_IPNS_12FuncDeclNodeELm16EEEbb
-__ZN3KJS11PropertyMap11getLocationERKNS_10IdentifierE
-__ZN3KJS11PropertyMap5clearEv
-__ZN3KJS11PropertyMapD1Ev
-__ZN3KJS12DateInstance4infoE
-__ZN3KJS12PropertySlot15undefinedGetterEPNS_9ExecStateEPNS_8JSObjectERKNS_10IdentifierERKS0_
-__ZN3KJS12jsNumberCellEd
-__ZN3KJS13ArrayInstance4infoE
-__ZN3KJS13StatementNode6setLocEii
-__ZN3KJS13jsOwnedStringERKNS_7UStringE
-__ZN3KJS14JSGlobalObject10globalExecEv
-__ZN3KJS14JSGlobalObject16stopTimeoutCheckEv
-__ZN3KJS14JSGlobalObject17putWithAttributesEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueEj
-__ZN3KJS14JSGlobalObject17startTimeoutCheckEv
-__ZN3KJS14JSGlobalObject18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
-__ZN3KJS14JSGlobalObject3putEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueE
-__ZN3KJS14JSGlobalObject4initEPNS_8JSObjectE
-__ZN3KJS14JSGlobalObject4markEv
-__ZN3KJS14JSGlobalObject5resetEPNS_7JSValueE
-__ZN3KJS14JSGlobalObjectD2Ev
-__ZN3KJS14StringInstance14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
-__ZN3KJS14StringInstance16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
-__ZN3KJS14StringInstance18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
-__ZN3KJS14StringInstance18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
-__ZN3KJS14StringInstance3putEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueE
-__ZN3KJS14StringInstance4infoE
-__ZN3KJS14StringInstanceC1EPNS_8JSObjectERKNS_7UStringE
-__ZN3KJS14StringInstanceC2EPNS_8JSObjectERKNS_7UStringE
-__ZN3KJS15GlobalExecStateC1EPNS_14JSGlobalObjectEPNS_8JSObjectE
-__ZN3KJS15GlobalExecStateD1Ev
-__ZN3KJS15JSWrapperObject4markEv
-__ZN3KJS16JSVariableObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
-__ZN3KJS16JSVariableObject16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
-__ZN3KJS16ParserRefCounted3refEv
-__ZN3KJS16ParserRefCounted5derefEv
-__ZN3KJS17PropertyNameArray3addEPNS_7UString3RepE
-__ZN3KJS17PrototypeFunctionC1EPNS_9ExecStateEPNS_17FunctionPrototypeEiRKNS_10IdentifierEPFPNS_7JSValueES2_PNS_8JSObjectERKNS_4ListEE
-__ZN3KJS17PrototypeFunctionC1EPNS_9ExecStateEiRKNS_10IdentifierEPFPNS_7JSValueES2_PNS_8JSObjectERKNS_4ListEE
-__ZN3KJS19InternalFunctionImp4infoE
-__ZN3KJS19InternalFunctionImpC2EPNS_17FunctionPrototypeERKNS_10IdentifierE
-__ZN3KJS19initializeThreadingEv
-__ZN3KJS23objectProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectERKNS_4ListE
-__ZN3KJS4List15expandAndAppendEPNS_7JSValueE
-__ZN3KJS4List7markSetEv
-__ZN3KJS6JSCell9getObjectEv
-__ZN3KJS6JSCellnwEm
-__ZN3KJS6JSLock12DropAllLocksC1Ev
-__ZN3KJS6JSLock12DropAllLocksD1Ev
-__ZN3KJS6JSLock14registerThreadEv
-__ZN3KJS6JSLock4lockEv
-__ZN3KJS6JSLock6unlockEv
-__ZN3KJS6JSLock9lockCountEv
-__ZN3KJS6Parser5parseEiPKtjPiS3_PNS_7UStringE
-__ZN3KJS6parserEv
-__ZN3KJS6strtodEPKcPPc
-__ZN3KJS7CStringD1Ev
-__ZN3KJS7CStringaSERKS0_
-__ZN3KJS7UString3Rep11computeHashEPKti
-__ZN3KJS7UString3Rep4nullE
-__ZN3KJS7UString3Rep7destroyEv
-__ZN3KJS7UString4fromEj
-__ZN3KJS7UString6appendEPKc
-__ZN3KJS7UString6appendERKS0_
-__ZN3KJS7UStringC1EPKc
-__ZN3KJS7UStringC1EPKti
-__ZN3KJS7UStringC1ERKS0_S2_
-__ZN3KJS7UStringaSEPKc
-__ZN3KJS8Debugger12sourceUnusedEPNS_9ExecStateEi
-__ZN3KJS8Debugger6attachEPNS_14JSGlobalObjectE
-__ZN3KJS8Debugger6detachEPNS_14JSGlobalObjectE
-__ZN3KJS8Debugger9exceptionEPNS_9ExecStateEiiPNS_7JSValueE
-__ZN3KJS8DebuggerC2Ev
-__ZN3KJS8DebuggerD2Ev
-__ZN3KJS8JSObject11hasInstanceEPNS_9ExecStateEPNS_7JSValueE
-__ZN3KJS8JSObject12defineGetterEPNS_9ExecStateERKNS_10IdentifierEPS0_
-__ZN3KJS8JSObject12defineSetterEPNS_9ExecStateERKNS_10IdentifierEPS0_
-__ZN3KJS8JSObject12lookupGetterEPNS_9ExecStateERKNS_10IdentifierE
-__ZN3KJS8JSObject12lookupSetterEPNS_9ExecStateERKNS_10IdentifierE
-__ZN3KJS8JSObject12removeDirectERKNS_10IdentifierE
-__ZN3KJS8JSObject14callAsFunctionEPNS_9ExecStateEPS0_RKNS_4ListE
-__ZN3KJS8JSObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
-__ZN3KJS8JSObject14deletePropertyEPNS_9ExecStateEj
-__ZN3KJS8JSObject16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
-__ZN3KJS8JSObject17putDirectFunctionEPNS_19InternalFunctionImpEi
-__ZN3KJS8JSObject17putWithAttributesEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueEj
-__ZN3KJS8JSObject17putWithAttributesEPNS_9ExecStateEjPNS_7JSValueEj
-__ZN3KJS8JSObject18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
-__ZN3KJS8JSObject18getPrimitiveNumberEPNS_9ExecStateERdRPNS_7JSValueE
-__ZN3KJS8JSObject22fillGetterPropertySlotERNS_12PropertySlotEPPNS_7JSValueE
-__ZN3KJS8JSObject3putEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueE
-__ZN3KJS8JSObject3putEPNS_9ExecStateEjPNS_7JSValueE
-__ZN3KJS8JSObject4callEPNS_9ExecStateEPS0_RKNS_4ListE
-__ZN3KJS8JSObject4markEv
-__ZN3KJS8JSObject9constructEPNS_9ExecStateERKNS_4ListE
-__ZN3KJS8JSObject9constructEPNS_9ExecStateERKNS_4ListERKNS_10IdentifierERKNS_7UStringEi
-__ZN3KJS8JSObject9putDirectERKNS_10IdentifierEPNS_7JSValueEi
-__ZN3KJS8JSObject9putDirectERKNS_10IdentifierEii
-__ZN3KJS8Profiler13stopProfilingEv
-__ZN3KJS8Profiler14startProfilingEj
-__ZN3KJS8Profiler8profilerEv
-__ZN3KJS8jsStringEPKc
-__ZN3KJS8jsStringERKNS_7UStringE
-__ZN3KJS9Collector15recordExtraCostEm
-__ZN3KJS9Collector17globalObjectCountEv
-__ZN3KJS9Collector20protectedObjectCountEv
-__ZN3KJS9Collector23collectOnMainThreadOnlyEPNS_7JSValueE
-__ZN3KJS9Collector25protectedObjectTypeCountsEv
-__ZN3KJS9Collector26protectedGlobalObjectCountEv
-__ZN3KJS9Collector4sizeEv
-__ZN3KJS9Collector7collectEv
-__ZN3KJS9Collector7protectEPNS_7JSValueE
-__ZN3KJS9Collector9unprotectEPNS_7JSValueE
-__ZN3KJSeqERKNS_7UStringEPKc
-__ZN3WTF10fastCallocEmm
-__ZN3WTF10fastMallocEm
-__ZN3WTF11fastReallocEPvm
-__ZN3WTF12createThreadEPFPvS0_ES0_
-__ZN3WTF12detachThreadEj
-__ZN3WTF12isMainThreadEv
-__ZN3WTF13currentThreadEv
-__ZN3WTF15ThreadCondition4waitERNS_5MutexE
-__ZN3WTF15ThreadCondition6signalEv
-__ZN3WTF15ThreadCondition9broadcastEv
-__ZN3WTF15ThreadCondition9timedWaitERNS_5MutexEd
-__ZN3WTF15ThreadConditionC1Ev
-__ZN3WTF15ThreadConditionD1Ev
-__ZN3WTF16callOnMainThreadEPFvPvES0_
-__ZN3WTF16fastZeroedMallocEm
-__ZN3WTF19initializeThreadingEv
-__ZN3WTF23waitForThreadCompletionEjPPv
-__ZN3WTF32atomicallyInitializedStaticMutexE
-__ZN3WTF5Mutex4lockEv
-__ZN3WTF5Mutex6unlockEv
-__ZN3WTF5Mutex7tryLockEv
-__ZN3WTF5MutexC1Ev
-__ZN3WTF5MutexD1Ev
-__ZN3WTF7Unicode18convertUTF16ToUTF8EPPKtS2_PPcS4_b
-__ZN3WTF8Collator18setOrderLowerFirstEb
-__ZN3WTF8CollatorC1EPKc
-__ZN3WTF8CollatorD1Ev
-__ZN3WTF8fastFreeEPv
-__ZNK3KJS11PropertyMap3getERKNS_10IdentifierE
-__ZNK3KJS12DateInstance7getTimeERdRi
-__ZNK3KJS13ArrayInstance7getItemEj
-__ZNK3KJS14JSGlobalObject14isDynamicScopeEv
-__ZNK3KJS14JSGlobalObject14toGlobalObjectEPNS_9ExecStateE
-__ZNK3KJS16JSVariableObject16isVariableObjectEv
-__ZNK3KJS16JSVariableObject21getPropertyAttributesEPNS_9ExecStateERKNS_10IdentifierERj
-__ZNK3KJS19InternalFunctionImp14implementsCallEv
-__ZNK3KJS19InternalFunctionImp21implementsHasInstanceEv
-__ZNK3KJS4List8getSliceEiRS0_
-__ZNK3KJS4Node8toStringEv
-__ZNK3KJS6JSCell17getTruncatedInt32ERi
-__ZNK3KJS6JSCell18getTruncatedUInt32ERj
-__ZNK3KJS6JSCell9getNumberERd
-__ZNK3KJS6JSCell9getNumberEv
-__ZNK3KJS6JSCell9getStringERNS_7UStringE
-__ZNK3KJS6JSCell9getStringEv
-__ZNK3KJS6JSCell9getUInt32ERj
-__ZNK3KJS7JSValue15toInt32SlowCaseEPNS_9ExecStateERb
-__ZNK3KJS7JSValue16toUInt32SlowCaseEPNS_9ExecStateERb
-__ZNK3KJS7JSValue7toFloatEPNS_9ExecStateE
-__ZNK3KJS7JSValue9toIntegerEPNS_9ExecStateE
-__ZNK3KJS7UString10UTF8StringEb
-__ZNK3KJS7UString14toStrictUInt32EPb
-__ZNK3KJS7UString5asciiEv
-__ZNK3KJS7UString6is8BitEv
-__ZNK3KJS7UString8toUInt32EPb
-__ZNK3KJS7UString8toUInt32EPbb
-__ZNK3KJS8JSObject11hasPropertyEPNS_9ExecStateERKNS_10IdentifierE
-__ZNK3KJS8JSObject11hasPropertyEPNS_9ExecStateEj
-__ZNK3KJS8JSObject12defaultValueEPNS_9ExecStateENS_6JSTypeE
-__ZNK3KJS8JSObject12toThisObjectEPNS_9ExecStateE
-__ZNK3KJS8JSObject14implementsCallEv
-__ZNK3KJS8JSObject14toGlobalObjectEPNS_9ExecStateE
-__ZNK3KJS8JSObject19implementsConstructEv
-__ZNK3KJS8JSObject21getPropertyAttributesEPNS_9ExecStateERKNS_10IdentifierERj
-__ZNK3KJS8JSObject21implementsHasInstanceEv
-__ZNK3KJS8JSObject3getEPNS_9ExecStateERKNS_10IdentifierE
-__ZNK3KJS8JSObject3getEPNS_9ExecStateEj
-__ZNK3KJS8JSObject4typeEv
-__ZNK3KJS8JSObject8toNumberEPNS_9ExecStateE
-__ZNK3KJS8JSObject8toObjectEPNS_9ExecStateE
-__ZNK3KJS8JSObject8toStringEPNS_9ExecStateE
-__ZNK3KJS8JSObject9classInfoEv
-__ZNK3KJS8JSObject9classNameEv
-__ZNK3KJS8JSObject9toBooleanEPNS_9ExecStateE
-__ZNK3KJS8Profiler20printDataSampleStyleEv
-__ZNK3KJS8Profiler23printDataInspectorStyleEv
-__ZNK3KJS9ExecState19lexicalGlobalObjectEv
-__ZNK3KJS9HashTable11createTableEv
-__ZNK3WTF8Collator7collateEPKtmS2_m
-__ZTVN3KJS14JSGlobalObjectE
-__ZTVN3KJS14StringInstanceE
-__ZTVN3KJS15JSWrapperObjectE
-__ZTVN3KJS16JSVariableObjectE
-__ZTVN3KJS19InternalFunctionImpE
-__ZTVN3KJS8JSObjectE
-_jscore_collector_introspection
-_jscore_fastmalloc_introspection
-_kJSClassDefinitionEmpty

trunk/JavaScriptCore/kjs/ExecState.h

-              r32654
+              r32807
         CommonIdentifiers* propertyNames;
         List emptyList;
+        Heap* heap;
     };
 …
         static const HashTable* stringTable(ExecState* exec) { return exec->m_perThreadData->stringTable; }
+        Heap* heap() const { return m_perThreadData->heap; }
         LocalStorage& localStorage() { return *m_localStorage; }
         void setLocalStorage(LocalStorage* s) { m_localStorage = s; }

trunk/JavaScriptCore/kjs/InitializeThreading.cpp

-              r32652
+              r32807
     if (!s_dtoaP5Mutex) {
         s_dtoaP5Mutex = new Mutex;
+#if !PLATFORM(DARWIN) // Darwin has pthread_main_np(), and doesn't need registerAsMainThread() called.
+        Collector::registerAsMainThread();
+#endif
+        Heap::threadHeap();
         UString::null();
         Identifier::initializeIdentifierThreading();
 …
         initDateMath();
         JSGlobalObject::threadClassInfoHashTables();
+        JSGlobalObject::head();
+    }
 #endif

trunk/JavaScriptCore/kjs/JSGlobalObject.cpp

-              r32687
+              r32807
+}
-JSGlobalObject* JSGlobalObject::s_head = 0;
 void JSGlobalObject::deleteActivationStack()
+{
 …
     d()->next->d()->prev = d()->prev;
     d()->prev->d()->next = d()->next;
+    s_head = d()->next;
+    if (s_head == this)
+        s_head = 0;
+    JSGlobalObject*& headObject = head();
+    if (headObject == this)
+        headObject = d()->next;
+    if (headObject == this)
+        headObject = 0;
     deleteActivationStack();
 …
+}
+JSGlobalObject*& JSGlobalObject::head()
+{
+#if USE(MULTIPLE_THREADS)
+    static ThreadSpecific<JSGlobalObject*> sharedInstance;
+    return *sharedInstance;
+#else
+    static JSGlobalObject* sharedInstance;
+    return sharedInstance;
+#endif
+}
 void JSGlobalObject::init(JSObject* thisValue)
+{
     ASSERT(JSLock::currentThreadIsHoldingLock());
     if (s_head) {
         d()->prev = s_head;
         d()->next = s_head->d()->next;
         s_head->d()->next->d()->prev = this;
         s_head->d()->next = this;
+    if (JSGlobalObject*& headObject = head()) {
+        d()->prev = headObject;
+        d()->next = headObject->d()->next;
+        headObject->d()->next->d()->prev = this;
+        headObject->d()->next = this;
     } else
         s_head = d()->next = d()->prev = this;
+        headObject = d()->next = d()->prev = this;
     resetTimeoutCheck();
 …
     d()->perThreadData.stringTable = &threadClassInfoHashTables()->stringTable;
     d()->perThreadData.propertyNames = CommonIdentifiers::shared();
+    d()->perThreadData.heap = Heap::threadHeap();
     d()->globalExec.set(new GlobalExecState(this, thisValue));
 …
 void JSGlobalObject::put(ExecState* exec, const Identifier& propertyName, JSValue* value)
+{
+    ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
     if (symbolTablePut(propertyName, value))
         return;
 …
     // Prototypes
     d()->functionPrototype = new FunctionPrototype(exec);
     d()->objectPrototype = new ObjectPrototype(exec, d()->functionPrototype);
+    d()->functionPrototype = new (exec) FunctionPrototype(exec);
+    d()->objectPrototype = new (exec) ObjectPrototype(exec, d()->functionPrototype);
     d()->functionPrototype->setPrototype(d()->objectPrototype);
     d()->arrayPrototype = new ArrayPrototype(exec, d()->objectPrototype);
     d()->stringPrototype = new StringPrototype(exec, d()->objectPrototype);
     d()->booleanPrototype = new BooleanPrototype(exec, d()->objectPrototype, d()->functionPrototype);
     d()->numberPrototype = new NumberPrototype(exec, d()->objectPrototype, d()->functionPrototype);
     d()->datePrototype = new DatePrototype(exec, d()->objectPrototype);
     d()->regExpPrototype = new RegExpPrototype(exec, d()->objectPrototype, d()->functionPrototype);
     d()->errorPrototype = new ErrorPrototype(exec, d()->objectPrototype, d()->functionPrototype);
     d()->evalErrorPrototype = new NativeErrorPrototype(exec, d()->errorPrototype, "EvalError", "EvalError");
     d()->rangeErrorPrototype = new NativeErrorPrototype(exec, d()->errorPrototype, "RangeError", "RangeError");
     d()->referenceErrorPrototype = new NativeErrorPrototype(exec, d()->errorPrototype, "ReferenceError", "ReferenceError");
     d()->syntaxErrorPrototype = new NativeErrorPrototype(exec, d()->errorPrototype, "SyntaxError", "SyntaxError");
     d()->typeErrorPrototype = new NativeErrorPrototype(exec, d()->errorPrototype, "TypeError", "TypeError");
     d()->URIErrorPrototype = new NativeErrorPrototype(exec, d()->errorPrototype, "URIError", "URIError");
+    d()->arrayPrototype = new (exec) ArrayPrototype(exec, d()->objectPrototype);
+    d()->stringPrototype = new (exec) StringPrototype(exec, d()->objectPrototype);
+    d()->booleanPrototype = new (exec) BooleanPrototype(exec, d()->objectPrototype, d()->functionPrototype);
+    d()->numberPrototype = new (exec) NumberPrototype(exec, d()->objectPrototype, d()->functionPrototype);
+    d()->datePrototype = new (exec) DatePrototype(exec, d()->objectPrototype);
+    d()->regExpPrototype = new (exec) RegExpPrototype(exec, d()->objectPrototype, d()->functionPrototype);
+    d()->errorPrototype = new (exec) ErrorPrototype(exec, d()->objectPrototype, d()->functionPrototype);
+    d()->evalErrorPrototype = new (exec) NativeErrorPrototype(exec, d()->errorPrototype, "EvalError", "EvalError");
+    d()->rangeErrorPrototype = new (exec) NativeErrorPrototype(exec, d()->errorPrototype, "RangeError", "RangeError");
+    d()->referenceErrorPrototype = new (exec) NativeErrorPrototype(exec, d()->errorPrototype, "ReferenceError", "ReferenceError");
+    d()->syntaxErrorPrototype = new (exec) NativeErrorPrototype(exec, d()->errorPrototype, "SyntaxError", "SyntaxError");
+    d()->typeErrorPrototype = new (exec) NativeErrorPrototype(exec, d()->errorPrototype, "TypeError", "TypeError");
+    d()->URIErrorPrototype = new (exec) NativeErrorPrototype(exec, d()->errorPrototype, "URIError", "URIError");
     // Constructors
     d()->objectConstructor = new ObjectObjectImp(exec, d()->objectPrototype, d()->functionPrototype);
     d()->functionConstructor = new FunctionObjectImp(exec, d()->functionPrototype);
     d()->arrayConstructor = new ArrayObjectImp(exec, d()->functionPrototype, d()->arrayPrototype);
     d()->stringConstructor = new StringObjectImp(exec, d()->functionPrototype, d()->stringPrototype);
     d()->booleanConstructor = new BooleanObjectImp(exec, d()->functionPrototype, d()->booleanPrototype);
     d()->numberConstructor = new NumberObjectImp(exec, d()->functionPrototype, d()->numberPrototype);
     d()->dateConstructor = new DateObjectImp(exec, d()->functionPrototype, d()->datePrototype);
     d()->regExpConstructor = new RegExpObjectImp(exec, d()->functionPrototype, d()->regExpPrototype);
     d()->errorConstructor = new ErrorObjectImp(exec, d()->functionPrototype, d()->errorPrototype);
     d()->evalErrorConstructor = new NativeErrorImp(exec, d()->functionPrototype, d()->evalErrorPrototype);
     d()->rangeErrorConstructor = new NativeErrorImp(exec, d()->functionPrototype, d()->rangeErrorPrototype);
     d()->referenceErrorConstructor = new NativeErrorImp(exec, d()->functionPrototype, d()->referenceErrorPrototype);
     d()->syntaxErrorConstructor = new NativeErrorImp(exec, d()->functionPrototype, d()->syntaxErrorPrototype);
     d()->typeErrorConstructor = new NativeErrorImp(exec, d()->functionPrototype, d()->typeErrorPrototype);
     d()->URIErrorConstructor = new NativeErrorImp(exec, d()->functionPrototype, d()->URIErrorPrototype);
+    d()->objectConstructor = new (exec) ObjectObjectImp(exec, d()->objectPrototype, d()->functionPrototype);
+    d()->functionConstructor = new (exec) FunctionObjectImp(exec, d()->functionPrototype);
+    d()->arrayConstructor = new (exec) ArrayObjectImp(exec, d()->functionPrototype, d()->arrayPrototype);
+    d()->stringConstructor = new (exec) StringObjectImp(exec, d()->functionPrototype, d()->stringPrototype);
+    d()->booleanConstructor = new (exec) BooleanObjectImp(exec, d()->functionPrototype, d()->booleanPrototype);
+    d()->numberConstructor = new (exec) NumberObjectImp(exec, d()->functionPrototype, d()->numberPrototype);
+    d()->dateConstructor = new (exec) DateObjectImp(exec, d()->functionPrototype, d()->datePrototype);
+    d()->regExpConstructor = new (exec) RegExpObjectImp(exec, d()->functionPrototype, d()->regExpPrototype);
+    d()->errorConstructor = new (exec) ErrorObjectImp(exec, d()->functionPrototype, d()->errorPrototype);
+    d()->evalErrorConstructor = new (exec) NativeErrorImp(exec, d()->functionPrototype, d()->evalErrorPrototype);
+    d()->rangeErrorConstructor = new (exec) NativeErrorImp(exec, d()->functionPrototype, d()->rangeErrorPrototype);
+    d()->referenceErrorConstructor = new (exec) NativeErrorImp(exec, d()->functionPrototype, d()->referenceErrorPrototype);
+    d()->syntaxErrorConstructor = new (exec) NativeErrorImp(exec, d()->functionPrototype, d()->syntaxErrorPrototype);
+    d()->typeErrorConstructor = new (exec) NativeErrorImp(exec, d()->functionPrototype, d()->typeErrorPrototype);
+    d()->URIErrorConstructor = new (exec) NativeErrorImp(exec, d()->functionPrototype, d()->URIErrorPrototype);
     d()->functionPrototype->putDirect(exec->propertyNames().constructor, d()->functionConstructor, DontEnum);
 …
     // Set global values.
     Identifier mathIdent = "Math";
     JSValue* mathObject = new MathObjectImp(exec, d()->objectPrototype);
+    JSValue* mathObject = new (exec) MathObjectImp(exec, d()->objectPrototype);
     symbolTableInsert(mathIdent, mathObject, DontEnum | DontDelete);
     Identifier nanIdent = "NaN";
     JSValue* nanValue = jsNaN();
+    JSValue* nanValue = jsNaN(exec);
     symbolTableInsert(nanIdent, nanValue, DontEnum | DontDelete);
     Identifier infinityIdent = "Infinity";
     JSValue* infinityValue = jsNumber(Inf);
+    JSValue* infinityValue = jsNumber(exec, Inf);
     symbolTableInsert(infinityIdent, infinityValue, DontEnum | DontDelete);
 …
     // Set global functions.
     d()->evalFunction = new PrototypeReflexiveFunction(exec, d()->functionPrototype, 1, exec->propertyNames().eval, globalFuncEval, this);
+    d()->evalFunction = new (exec) PrototypeReflexiveFunction(exec, d()->functionPrototype, 1, exec->propertyNames().eval, globalFuncEval, this);
     putDirectFunction(d()->evalFunction, DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 2, "parseInt", globalFuncParseInt), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 1, "parseFloat", globalFuncParseFloat), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 1, "isNaN", globalFuncIsNaN), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 1, "isFinite", globalFuncIsFinite), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 1, "escape", globalFuncEscape), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 1, "unescape", globalFuncUnescape), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 1, "decodeURI", globalFuncDecodeURI), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 1, "decodeURIComponent", globalFuncDecodeURIComponent), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 1, "encodeURI", globalFuncEncodeURI), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 1, "encodeURIComponent", globalFuncEncodeURIComponent), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 2, "parseInt", globalFuncParseInt), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, "parseFloat", globalFuncParseFloat), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, "isNaN", globalFuncIsNaN), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, "isFinite", globalFuncIsFinite), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, "escape", globalFuncEscape), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, "unescape", globalFuncUnescape), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, "decodeURI", globalFuncDecodeURI), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, "decodeURIComponent", globalFuncDecodeURIComponent), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, "encodeURI", globalFuncEncodeURI), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, "encodeURIComponent", globalFuncEncodeURIComponent), DontEnum);
 #ifndef NDEBUG
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 1, "kjsprint", globalFuncKJSPrint), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, "kjsprint", globalFuncKJSPrint), DontEnum);
 #endif
 …
     ASSERT(exec->codeType() == FunctionCode);
     ActivationImp* newActivation = new ActivationImp(*oldActivation->d(), leaveRelic);
+    ActivationImp* newActivation = new (exec) ActivationImp(*oldActivation->d(), leaveRelic);
     if (!leaveRelic) {
 …
+}
+void* JSGlobalObject::operator new(size_t size)
+{
+    return Heap::threadHeap()->allocate(size);
+}
 } // namespace KJS

trunk/JavaScriptCore/kjs/JSGlobalObject.h

-              r32652
+              r32807
         virtual void putWithAttributes(ExecState*, const Identifier& propertyName, JSValue* value, unsigned attributes);
         // Linked list of all global objects.
         static JSGlobalObject* head() { return s_head; }
+        // Per-thread linked list of all global objects.
+        static JSGlobalObject*& head();
         JSGlobalObject* next() { return d()->next; }
 …
         static ThreadClassInfoHashTables* threadClassInfoHashTables();
+        void* operator new(size_t);
     private:
         void init(JSObject* thisValue);
 …
         void deleteActivationStack();
         void checkActivationCount();
-        static JSGlobalObject* s_head;
     };

trunk/JavaScriptCore/kjs/JSLock.cpp

-              r21122
+              r32807
+}
-void JSLock::registerThread()
+{
-    Collector::registerThread();
+}
 JSLock::DropAllLocks::DropAllLocks()
     : m_lockCount(0)
 …
+}
-void JSLock::registerThread()
+{
+}
 JSLock::DropAllLocks::DropAllLocks()
+{

trunk/JavaScriptCore/kjs/JSLock.h

-              r28468
+              r32807
+        {
             lock();
-            registerThread();
+        }
 …
         static int lockCount();
         static bool currentThreadIsHoldingLock();
-        static void registerThread();
         class DropAllLocks : Noncopyable {

trunk/JavaScriptCore/kjs/array_instance.cpp

r32652	r32807
77	77	m_storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
78	78
79		~~Collector::~~reportExtraMemoryCost(initialCapacity * sizeof(JSValue*));
	79	Heap::heap(this)->reportExtraMemoryCost(initialCapacity * sizeof(JSValue*));
80	80	}
81	81
…	…
129	129	}
130	130
131		JSValue* ArrayInstance::lengthGetter(ExecState, JSObject, const Identifier&, const PropertySlot& slot)
132		{
133		return jsNumber(static_cast<ArrayInstance*>(slot.slotBase())->m_length);
	131	JSValue* ArrayInstance::lengthGetter(ExecState* exec, JSObject*, const Identifier&, const PropertySlot& slot)
	132	{
	133	return jsNumber(exec, static_cast<ArrayInstance*>(slot.slotBase())->m_length);
134	134	}
135	135

trunk/JavaScriptCore/kjs/array_object.cpp

-              r32652
+              r32807
     Vector<UChar, 256> strBuffer;
     if (alreadyVisited)
         return jsString(UString(0, 0)); // return an empty string, avoding infinite recursion.
+        return jsString(exec, UString(0, 0)); // return an empty string, avoding infinite recursion.
     unsigned length = thisObj->get(exec, exec->propertyNames().length)->toUInt32(exec);
 …
+    }
     exec->dynamicGlobalObject()->arrayVisitedElements().remove(thisObj);
     return jsString(UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
+    return jsString(exec, UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
+}
 …
     Vector<UChar, 256> strBuffer;
     if (alreadyVisited)
         return jsString(UString(0, 0)); // return an empty string, avoding infinite recursion.
+        return jsString(exec, UString(0, 0)); // return an empty string, avoding infinite recursion.
     unsigned length = thisObj->get(exec, exec->propertyNames().length)->toUInt32(exec);
 …
+    }
     exec->dynamicGlobalObject()->arrayVisitedElements().remove(thisObj);
     return jsString(UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
+    return jsString(exec, UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
+}
 …
     Vector<UChar, 256> strBuffer;
     if (alreadyVisited)
         return jsString(UString(0, 0)); // return an empty string, avoding infinite recursion.
+        return jsString(exec, UString(0, 0)); // return an empty string, avoding infinite recursion.
     UChar comma = ',';
 …
+    }
     exec->dynamicGlobalObject()->arrayVisitedElements().remove(thisObj);
     return jsString(UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
+    return jsString(exec, UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
+}
 …
         ++it;
+    }
     arr->put(exec, exec->propertyNames().length, jsNumber(n));
+    arr->put(exec, exec->propertyNames().length, jsNumber(exec, n));
     return arr;
+}
 …
     unsigned length = thisObj->get(exec, exec->propertyNames().length)->toUInt32(exec);
     if (length == 0) {
         thisObj->put(exec, exec->propertyNames().length, jsNumber(length));
+        thisObj->put(exec, exec->propertyNames().length, jsNumber(exec, length));
         result = jsUndefined();
     } else {
         result = thisObj->get(exec, length - 1);
         thisObj->deleteProperty(exec, length - 1);
         thisObj->put(exec, exec->propertyNames().length, jsNumber(length - 1));
+        thisObj->put(exec, exec->propertyNames().length, jsNumber(exec, length - 1));
+    }
     return result;
 …
         thisObj->put(exec, length + n, args[n]);
     length += args.size();
     thisObj->put(exec, exec->propertyNames().length, jsNumber(length));
     return jsNumber(length);
+    thisObj->put(exec, exec->propertyNames().length, jsNumber(exec, length));
+    return jsNumber(exec, length);
+}
 …
     unsigned length = thisObj->get(exec, exec->propertyNames().length)->toUInt32(exec);
     if (length == 0) {
         thisObj->put(exec, exec->propertyNames().length, jsNumber(length));
+        thisObj->put(exec, exec->propertyNames().length, jsNumber(exec, length));
         result = jsUndefined();
     } else {
 …
+        }
         thisObj->deleteProperty(exec, length - 1);
         thisObj->put(exec, exec->propertyNames().length, jsNumber(length - 1));
+        thisObj->put(exec, exec->propertyNames().length, jsNumber(exec, length - 1));
+    }
     return result;
 …
             resObj->put(exec, n, v);
+    }
     resObj->put(exec, exec->propertyNames().length, jsNumber(n));
+    resObj->put(exec, exec->propertyNames().length, jsNumber(exec, n));
     return result;
+}
 …
             resObj->put(exec, k, v);
+    }
     resObj->put(exec, exec->propertyNames().length, jsNumber(deleteCount));
+    resObj->put(exec, exec->propertyNames().length, jsNumber(exec, deleteCount));
     unsigned additionalArgs = std::max<int>(args.size() - 2, 0);
 …
         thisObj->put(exec, k + begin, args[k + 2]);
     thisObj->put(exec, exec->propertyNames().length, jsNumber(length - deleteCount + additionalArgs));
+    thisObj->put(exec, exec->propertyNames().length, jsNumber(exec, length - deleteCount + additionalArgs));
     return result;
+}
 …
     for (unsigned k = 0; k < nrArgs; ++k)
         thisObj->put(exec, k, args[k]);
     JSValue* result = jsNumber(length + nrArgs);
+    JSValue* result = jsNumber(exec, length + nrArgs);
     thisObj->put(exec, exec->propertyNames().length, result);
     return result;
 …
         eachArguments.append(v);
         eachArguments.append(jsNumber(k));
+        eachArguments.append(jsNumber(exec, k));
         eachArguments.append(thisObj);
 …
     List mapArgs;
     mapArgs.append(jsNumber(length));
+    mapArgs.append(jsNumber(exec, length));
     JSObject* resultArray = static_cast<JSObject*>(exec->lexicalGlobalObject()->arrayConstructor()->construct(exec, mapArgs));
 …
         eachArguments.append(v);
         eachArguments.append(jsNumber(k));
+        eachArguments.append(jsNumber(exec, k));
         eachArguments.append(thisObj);
 …
         eachArguments.append(slot.getValue(exec, thisObj, k));
         eachArguments.append(jsNumber(k));
+        eachArguments.append(jsNumber(exec, k));
         eachArguments.append(thisObj);
 …
         List eachArguments;
         eachArguments.append(slot.getValue(exec, thisObj, k));
         eachArguments.append(jsNumber(k));
+        eachArguments.append(jsNumber(exec, k));
         eachArguments.append(thisObj);
 …
         List eachArguments;
         eachArguments.append(slot.getValue(exec, thisObj, k));
         eachArguments.append(jsNumber(k));
+        eachArguments.append(jsNumber(exec, k));
         eachArguments.append(thisObj);
 …
             continue;
         if (strictEqual(exec, searchElement, e))
             return jsNumber(index);
+    }
     return jsNumber(-1);
+            return jsNumber(exec, index);
+    }
+    return jsNumber(exec, -1);
+}
 …
         d += length;
         if (d < 0)
             return jsNumber(-1);
+            return jsNumber(exec, -1);
+    }
     if (d < length)
 …
             continue;
         if (strictEqual(exec, searchElement, e))
             return jsNumber(index);
+    }
     return jsNumber(-1);
+            return jsNumber(exec, index);
+    }
+    return jsNumber(exec, -1);
+}
 …
     // no. of arguments for constructor
     putDirect(exec->propertyNames().length, jsNumber(1), ReadOnly|DontDelete|DontEnum);
+    putDirect(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly|DontDelete|DontEnum);
+}
 …
         if (n != args[0]->toNumber(exec))
             return throwError(exec, RangeError, "Array size is not a small enough positive integer.");
         return new ArrayInstance(exec->lexicalGlobalObject()->arrayPrototype(), n);
+        return new (exec) ArrayInstance(exec->lexicalGlobalObject()->arrayPrototype(), n);
+    }
     // otherwise the array is constructed with the arguments in it
     return new ArrayInstance(exec->lexicalGlobalObject()->arrayPrototype(), args);
+    return new (exec) ArrayInstance(exec->lexicalGlobalObject()->arrayPrototype(), args);
+}

trunk/JavaScriptCore/kjs/bool_object.cpp

-              r32652
+              r32807
     setInternalValue(jsBoolean(false));
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, booleanProtoFuncToString), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, booleanProtoFuncValueOf), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, booleanProtoFuncToString), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, booleanProtoFuncValueOf), DontEnum);
+}
 …
     ASSERT(v);
     return jsString(v->toString(exec));
+    return jsString(exec, v->toString(exec));
+}
 JSValue* booleanProtoFuncValueOf(ExecState* exec, JSObject* thisObj, const List&)
 …
     // no. of arguments for constructor
     putDirect(exec->propertyNames().length, jsNumber(1), ReadOnly | DontDelete | DontEnum);
+    putDirect(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly | DontDelete | DontEnum);
+}
 …
 JSObject* BooleanObjectImp::construct(ExecState* exec, const List& args)
+{
     BooleanInstance* obj(new BooleanInstance(exec->lexicalGlobalObject()->booleanPrototype()));
+    BooleanInstance* obj(new (exec) BooleanInstance(exec->lexicalGlobalObject()->booleanPrototype()));
     obj->setInternalValue(jsBoolean(args[0]->toBoolean(exec)));
     return obj;

trunk/JavaScriptCore/kjs/collector.cpp

-              r32502
+              r32807
 #if USE(MULTIPLE_THREADS)
 #include <pthread.h>
+#include <wtf/ThreadSpecific.h>
 #endif
 …
 using std::max;
+using namespace WTF;
 namespace KJS {
 …
 // tunable parameters
+const size_t SPARE_EMPTY_BLOCKS = 2;
+const size_t MIN_ARRAY_SIZE = 14;
+const size_t GROWTH_FACTOR = 2;
+const size_t LOW_WATER_FACTOR = 4;
+const size_t ALLOCATIONS_PER_COLLECTION = 4000;
+static CollectorHeap primaryHeap = { 0, 0, 0, 0, 0, 0, 0, NoOperation };
+static CollectorHeap numberHeap = { 0, 0, 0, 0, 0, 0, 0, NoOperation };
+// FIXME: I don't think this needs to be a static data member of the Collector class.
+// Just a private global like "heap" above would be fine.
+size_t Collector::mainThreadOnlyObjectCount = 0;
+static CollectorBlock* allocateBlock()
+#define SPARE_EMPTY_BLOCKS 2UL
+#define MIN_ARRAY_SIZE 14UL
+#define GROWTH_FACTOR 2UL
+#define LOW_WATER_FACTOR 4UL
+#define ALLOCATIONS_PER_COLLECTION 4000UL
+Heap::Heap()
+{
+    memset(this, 0, sizeof(Heap));
+}
+Heap* Heap::threadHeap()
+{
+#if USE(MULTIPLE_THREADS)
+    static ThreadSpecific<Heap> sharedInstance;
+    return sharedInstance;
+#else
+    static Heap sharedInstance;
+    return &sharedInstance;
+#endif
+}
+static NEVER_INLINE CollectorBlock* allocateBlock()
+{
 #if PLATFORM(DARWIN)
 …
+}
 void Collector::recordExtraCost(size_t cost)
+void Heap::recordExtraCost(size_t cost)
+{
     // Our frequency of garbage collection tries to balance memory use against speed
 …
+}
 template <Collector::HeapType heapType> struct HeapConstants;
 template <> struct HeapConstants<Collector::PrimaryHeap> {
+template <Heap::HeapType heapType> struct HeapConstants;
+template <> struct HeapConstants<Heap::PrimaryHeap> {
     static const size_t cellSize = CELL_SIZE;
     static const size_t cellsPerBlock = CELLS_PER_BLOCK;
 …
 };
 template <> struct HeapConstants<Collector::NumberHeap> {
+template <> struct HeapConstants<Heap::NumberHeap> {
     static const size_t cellSize = SMALL_CELL_SIZE;
     static const size_t cellsPerBlock = SMALL_CELLS_PER_BLOCK;
 …
 };
 template <Collector::HeapType heapType> void* Collector::heapAllocate(size_t s)
+template <Heap::HeapType heapType> void* Heap::heapAllocate(size_t s)
+{
   typedef typename HeapConstants<heapType>::Block Block;
 …
   ASSERT(JSLock::lockCount() > 0);
   ASSERT(JSLock::currentThreadIsHoldingLock());
+  ASSERT(this == threadHeap());
   ASSERT(s <= HeapConstants<heapType>::cellSize);
   UNUSED_PARAM(s); // s is now only used for the above assert
 …
     targetBlock = (Block*)allocateBlock();
     targetBlock->freeList = targetBlock->cells;
+    targetBlock->heap = this;
     targetBlockUsedCells = 0;
     heap.blocks[usedBlocks] = (CollectorBlock*)targetBlock;
 …
+}
 void* Collector::allocate(size_t s)
+void* Heap::allocate(size_t s)
+{
     return heapAllocate<PrimaryHeap>(s);
+}
 void* Collector::allocateNumber(size_t s)
+void* Heap::allocateNumber(size_t s)
+{
     return heapAllocate<NumberHeap>(s);
 …
+}
-#if USE(MULTIPLE_THREADS)
-static pthread_t mainThread;
-#endif
-void Collector::registerAsMainThread()
+{
-#if USE(MULTIPLE_THREADS)
-    mainThread = pthread_self();
-#endif
+}
-static inline bool onMainThread()
+{
-#if USE(MULTIPLE_THREADS)
-#if PLATFORM(DARWIN)
-    return pthread_main_np();
-#else
-    return !!pthread_equal(pthread_self(), mainThread);
-#endif
-#else
-    return true;
-#endif
+}
-#if USE(MULTIPLE_THREADS)
-#if PLATFORM(DARWIN)
-typedef mach_port_t PlatformThread;
-#elif PLATFORM(WIN_OS)
-struct PlatformThread {
-    PlatformThread(DWORD _id, HANDLE _handle) : id(_id), handle(_handle) {}
-    DWORD id;
-    HANDLE handle;
-};
-#endif
-static inline PlatformThread getCurrentPlatformThread()
+{
-#if PLATFORM(DARWIN)
-    return pthread_mach_thread_np(pthread_self());
-#elif PLATFORM(WIN_OS)
-    HANDLE threadHandle = pthread_getw32threadhandle_np(pthread_self());
-    return PlatformThread(GetCurrentThreadId(), threadHandle);
-#endif
+}
-class Collector::Thread {
-public:
-  Thread(pthread_t pthread, const PlatformThread& platThread, void* base)
-  : posixThread(pthread), platformThread(platThread), stackBase(base) {}
-  Thread* next;
-  pthread_t posixThread;
-  PlatformThread platformThread;
-  void* stackBase;
-};
-pthread_key_t registeredThreadKey;
-pthread_once_t registeredThreadKeyOnce = PTHREAD_ONCE_INIT;
-Collector::Thread* registeredThreads;
-static void destroyRegisteredThread(void* data)
+{
-  Collector::Thread* thread = (Collector::Thread*)data;
-  // Can't use JSLock convenience object here because we don't want to re-register
-  // an exiting thread.
-  JSLock::lock();
-  if (registeredThreads == thread) {
-    registeredThreads = registeredThreads->next;
-  } else {
-    Collector::Thread *last = registeredThreads;
-    Collector::Thread *t;
-    for (t = registeredThreads->next; t != NULL; t = t->next) {
-      if (t == thread) {
-          last->next = t->next;
-          break;
+      }
-      last = t;
+    }
-    ASSERT(t); // If t is NULL, we never found ourselves in the list.
+  }
-  JSLock::unlock();
-  delete thread;
+}
-static void initializeRegisteredThreadKey()
+{
-  pthread_key_create(&registeredThreadKey, destroyRegisteredThread);
+}
-void Collector::registerThread()
+{
-  ASSERT(JSLock::lockCount() > 0);
-  ASSERT(JSLock::currentThreadIsHoldingLock());
-  pthread_once(&registeredThreadKeyOnce, initializeRegisteredThreadKey);
-  if (!pthread_getspecific(registeredThreadKey)) {
-#if PLATFORM(DARWIN)
-      if (onMainThread())
-          CollectorHeapIntrospector::init(&primaryHeap, &numberHeap);
-#endif
-    Collector::Thread *thread = new Collector::Thread(pthread_self(), getCurrentPlatformThread(), currentThreadStackBase());
-    thread->next = registeredThreads;
-    registeredThreads = thread;
-    pthread_setspecific(registeredThreadKey, thread);
+  }
+}
-#endif
 #define IS_POINTER_ALIGNED(p) (((intptr_t)(p) & (sizeof(char *) - 1)) == 0)
 …
 #define IS_HALF_CELL_ALIGNED(p) (((intptr_t)(p) & (CELL_MASK >> 1)) == 0)
 void Collector::markStackObjectsConservatively(void *start, void *end)
+void Heap::markStackObjectsConservatively(void *start, void *end)
+{
   if (start > end) {
 …
           for (size_t block = 0; block < usedNumberBlocks; block++) {
               if ((numberBlocks[block] == blockAddr) & (offset <= lastCellOffset)) {
                   Collector::markCell(reinterpret_cast<JSCell*>(xAsBits));
+                  Heap::markCell(reinterpret_cast<JSCell*>(xAsBits));
                   goto endMarkLoop;
+              }
 …
+}
 void NEVER_INLINE Collector::markCurrentThreadConservativelyInternal()
+void NEVER_INLINE Heap::markStackObjectsConservativelyInternal()
+{
     void* dummy;
 …
+}
 void Collector::markCurrentThreadConservatively()
+void Heap::markStackObjectsConservatively()
+{
     // setjmp forces volatile registers onto the stack
 …
 #endif
+    markCurrentThreadConservativelyInternal();
+}
+#if USE(MULTIPLE_THREADS)
+static inline void suspendThread(const PlatformThread& platformThread)
+{
+#if PLATFORM(DARWIN)
+  thread_suspend(platformThread);
+#elif PLATFORM(WIN_OS)
+  SuspendThread(platformThread.handle);
+#else
+#error Need a way to suspend threads on this platform
+#endif
+}
+static inline void resumeThread(const PlatformThread& platformThread)
+{
+#if PLATFORM(DARWIN)
+  thread_resume(platformThread);
+#elif PLATFORM(WIN_OS)
+  ResumeThread(platformThread.handle);
+#else
+#error Need a way to resume threads on this platform
+#endif
+}
+typedef unsigned long usword_t; // word size, assumed to be either 32 or 64 bit
+#if PLATFORM(DARWIN)
+#if     PLATFORM(X86)
+typedef i386_thread_state_t PlatformThreadRegisters;
+#elif   PLATFORM(X86_64)
+typedef x86_thread_state64_t PlatformThreadRegisters;
+#elif   PLATFORM(PPC)
+typedef ppc_thread_state_t PlatformThreadRegisters;
+#elif   PLATFORM(PPC64)
+typedef ppc_thread_state64_t PlatformThreadRegisters;
+#else
+#error Unknown Architecture
+#endif
+#elif PLATFORM(WIN_OS)&& PLATFORM(X86)
+typedef CONTEXT PlatformThreadRegisters;
+#else
+#error Need a thread register struct for this platform
+#endif
+size_t getPlatformThreadRegisters(const PlatformThread& platformThread, PlatformThreadRegisters& regs)
+{
+#if PLATFORM(DARWIN)
+#if     PLATFORM(X86)
+  unsigned user_count = sizeof(regs)/sizeof(int);
+  thread_state_flavor_t flavor = i386_THREAD_STATE;
+#elif   PLATFORM(X86_64)
+  unsigned user_count = x86_THREAD_STATE64_COUNT;
+  thread_state_flavor_t flavor = x86_THREAD_STATE64;
+#elif   PLATFORM(PPC)
+  unsigned user_count = PPC_THREAD_STATE_COUNT;
+  thread_state_flavor_t flavor = PPC_THREAD_STATE;
+#elif   PLATFORM(PPC64)
+  unsigned user_count = PPC_THREAD_STATE64_COUNT;
+  thread_state_flavor_t flavor = PPC_THREAD_STATE64;
+#else
+#error Unknown Architecture
+#endif
+  kern_return_t result = thread_get_state(platformThread, flavor, (thread_state_t)&regs, &user_count);
+  if (result != KERN_SUCCESS) {
+    WTFReportFatalError(__FILE__, __LINE__, WTF_PRETTY_FUNCTION,
+                        "JavaScript garbage collection failed because thread_get_state returned an error (%d). This is probably the result of running inside Rosetta, which is not supported.", result);
+    CRASH();
+  }
+  return user_count * sizeof(usword_t);
+// end PLATFORM(DARWIN)
+#elif PLATFORM(WIN_OS) && PLATFORM(X86)
+  regs.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL | CONTEXT_SEGMENTS;
+  GetThreadContext(platformThread.handle, &regs);
+  return sizeof(CONTEXT);
+#else
+#error Need a way to get thread registers on this platform
+#endif
+}
+static inline void* otherThreadStackPointer(const PlatformThreadRegisters& regs)
+{
+#if PLATFORM(DARWIN)
+#if __DARWIN_UNIX03
+#if PLATFORM(X86)
+  return (void*)regs.__esp;
+#elif PLATFORM(X86_64)
+  return (void*)regs.__rsp;
+#elif PLATFORM(PPC) || PLATFORM(PPC64)
+  return (void*)regs.__r1;
+#else
+#error Unknown Architecture
+#endif
+#else // !__DARWIN_UNIX03
+#if PLATFORM(X86)
+  return (void*)regs.esp;
+#elif PLATFORM(X86_64)
+  return (void*)regs.rsp;
+#elif (PLATFORM(PPC) || PLATFORM(PPC64))
+  return (void*)regs.r1;
+#else
+#error Unknown Architecture
+#endif
+#endif // __DARWIN_UNIX03
+// end PLATFORM(DARWIN)
+#elif PLATFORM(X86) && PLATFORM(WIN_OS)
+  return (void*)(uintptr_t)regs.Esp;
+#else
+#error Need a way to get the stack pointer for another thread on this platform
+#endif
+}
+void Collector::markOtherThreadConservatively(Thread* thread)
+{
+  suspendThread(thread->platformThread);
+  PlatformThreadRegisters regs;
+  size_t regSize = getPlatformThreadRegisters(thread->platformThread, regs);
+  // mark the thread's registers
+  markStackObjectsConservatively((void*)&regs, (void*)((char*)&regs + regSize));
+  void* stackPointer = otherThreadStackPointer(regs);
+  markStackObjectsConservatively(stackPointer, thread->stackBase);
+  resumeThread(thread->platformThread);
+}
+#endif
+void Collector::markStackObjectsConservatively()
+{
+  markCurrentThreadConservatively();
+#if USE(MULTIPLE_THREADS)
+  for (Thread *thread = registeredThreads; thread != NULL; thread = thread->next) {
+    if (!pthread_equal(thread->posixThread, pthread_self())) {
+      markOtherThreadConservatively(thread);
+    }
+  }
+#endif
+}
+typedef HashCountedSet<JSCell*> ProtectCountSet;
+static ProtectCountSet& protectedValues()
+{
+    static ProtectCountSet staticProtectCountSet;
+    return staticProtectCountSet;
+}
+void Collector::protect(JSValue *k)
+    markStackObjectsConservativelyInternal();
+}
+void Heap::protect(JSValue *k)
+{
     ASSERT(k);
 …
       return;
     protectedValues().add(k->asCell());
+}
 void Collector::unprotect(JSValue *k)
+    protectedValues.add(k->asCell());
+}
+void Heap::unprotect(JSValue *k)
+{
     ASSERT(k);
 …
       return;
+    protectedValues().remove(k->asCell());
+}
+void Collector::collectOnMainThreadOnly(JSValue* value)
+{
+    ASSERT(value);
+    ASSERT(JSLock::lockCount() > 0);
+    ASSERT(JSLock::currentThreadIsHoldingLock());
+    if (JSImmediate::isImmediate(value))
+      return;
+    JSCell* cell = value->asCell();
+    cellBlock(cell)->collectOnMainThreadOnly.set(cellOffset(cell));
+    ++mainThreadOnlyObjectCount;
+}
+void Collector::markProtectedObjects()
+{
+  ProtectCountSet& protectedValues = KJS::protectedValues();
+  ProtectCountSet::iterator end = protectedValues.end();
+  for (ProtectCountSet::iterator it = protectedValues.begin(); it != end; ++it) {
+    protectedValues.remove(k->asCell());
+}
+Heap* Heap::heap(const JSValue* v)
+{
+    if (JSImmediate::isImmediate(v))
+        return 0;
+    // FIXME: should assert that the result equals threadHeap(), but currently, this fails as database code uses gcUnprotect from a different thread.
+    // That's a race condition and should be fixed.
+    return Heap::cellBlock(v->asCell())->heap;
+}
+void Heap::markProtectedObjects()
+{
+  HashCountedSet<JSCell*>::iterator end = protectedValues.end();
+  for (HashCountedSet<JSCell*>::iterator it = protectedValues.begin(); it != end; ++it) {
     JSCell *val = it->first;
     if (!val->marked())
 …
+}
+void Collector::markMainThreadOnlyObjects()
+{
+#if USE(MULTIPLE_THREADS)
+    ASSERT(!onMainThread());
+#endif
+    // Optimization for clients that never register "main thread only" objects.
+    if (!mainThreadOnlyObjectCount)
+        return;
+    // FIXME: We can optimize this marking algorithm by keeping an exact set of
+    // "main thread only" objects when the "main thread only" object count is
+    // small. We don't want to keep an exact set all the time, because WebCore
+    // tends to create lots of "main thread only" objects, and all that set
+    // thrashing can be expensive.
+    size_t count = 0;
+    // We don't look at the numberHeap as primitive values can never be marked as main thread only
+    for (size_t block = 0; block < primaryHeap.usedBlocks; block++) {
+        ASSERT(count < mainThreadOnlyObjectCount);
+        CollectorBlock* curBlock = primaryHeap.blocks[block];
+        size_t minimumCellsToProcess = curBlock->usedCells;
+        for (size_t i = 0; (i < minimumCellsToProcess) & (i < CELLS_PER_BLOCK); i++) {
+            CollectorCell* cell = curBlock->cells + i;
+            if (cell->u.freeCell.zeroIfFree == 0)
+                ++minimumCellsToProcess;
+            else {
+                if (curBlock->collectOnMainThreadOnly.get(i)) {
+                    if (!curBlock->marked.get(i)) {
+                        JSCell* imp = reinterpret_cast<JSCell*>(cell);
+                        imp->mark();
+                    }
+                    if (++count == mainThreadOnlyObjectCount)
+                        return;
+                }
+            }
+        }
+    }
+}
+template <Collector::HeapType heapType> size_t Collector::sweep(bool currentThreadIsMainThread)
+template <Heap::HeapType heapType> size_t Heap::sweep()
+{
     typedef typename HeapConstants<heapType>::Block Block;
     typedef typename HeapConstants<heapType>::Cell Cell;
-    UNUSED_PARAM(currentThreadIsMainThread); // currentThreadIsMainThread is only used in ASSERTs
     // SWEEP: delete everything with a zero refcount (garbage) and unmark everything else
     CollectorHeap& heap = heapType == Collector::PrimaryHeap ? primaryHeap : numberHeap;
+    CollectorHeap& heap = heapType == Heap::PrimaryHeap ? primaryHeap : numberHeap;
     size_t emptyBlocks = 0;
 …
                     Cell* cell = curBlock->cells + i;
                     if (heapType != Collector::NumberHeap) {
+                    if (heapType != Heap::NumberHeap) {
                         JSCell* imp = reinterpret_cast<JSCell*>(cell);
                         // special case for allocated but uninitialized object
 …
                             continue;
-                        ASSERT(currentThreadIsMainThread || !curBlock->collectOnMainThreadOnly.get(i));
-                        if (curBlock->collectOnMainThreadOnly.get(i)) {
-                            curBlock->collectOnMainThreadOnly.clear(i);
-                            --Collector::mainThreadOnlyObjectCount;
+                        }
                         imp->~JSCell();
+                    }
 …
                 } else {
                     if (!curBlock->marked.get(i >> HeapConstants<heapType>::bitmapShift)) {
                         if (heapType != Collector::NumberHeap) {
+                        if (heapType != Heap::NumberHeap) {
                             JSCell *imp = reinterpret_cast<JSCell*>(cell);
-                            ASSERT(currentThreadIsMainThread || !curBlock->collectOnMainThreadOnly.get(i));
-                            if (curBlock->collectOnMainThreadOnly.get(i)) {
-                                curBlock->collectOnMainThreadOnly.clear(i);
-                                --Collector::mainThreadOnlyObjectCount;
+                            }
                             imp->~JSCell();
+                        }
 …
+}
 bool Collector::collect()
+bool Heap::collect()
+{
   ASSERT(JSLock::lockCount() > 0);
   ASSERT(JSLock::currentThreadIsHoldingLock());
+  ASSERT(this == threadHeap());
   ASSERT((primaryHeap.operationInProgress == NoOperation) | (numberHeap.operationInProgress == NoOperation));
 …
   numberHeap.operationInProgress = Collection;
-  bool currentThreadIsMainThread = onMainThread();
   // MARK: first mark all referenced objects recursively starting out from the set of root objects
 …
   markStackObjectsConservatively();
   markProtectedObjects();
+  List::markProtectedLists();
+#if USE(MULTIPLE_THREADS)
+  if (!currentThreadIsMainThread)
+    markMainThreadOnlyObjects();
+#endif
+  if (m_markListSet.size())
+    List::markProtectedLists(m_markListSet);
 #ifndef NDEBUG
 …
   size_t originalLiveObjects = primaryHeap.numLiveObjects + numberHeap.numLiveObjects;
   size_t numLiveObjects = sweep<PrimaryHeap>(currentThreadIsMainThread);
   numLiveObjects += sweep<NumberHeap>(currentThreadIsMainThread);
+  size_t numLiveObjects = sweep<PrimaryHeap>();
+  numLiveObjects += sweep<NumberHeap>();
   primaryHeap.operationInProgress = NoOperation;
 …
+}
 size_t Collector::size()
+size_t Heap::size()
+{
   return primaryHeap.numLiveObjects + numberHeap.numLiveObjects;
+}
 size_t Collector::globalObjectCount()
+size_t Heap::globalObjectCount()
+{
   size_t count = 0;
 …
+}
 size_t Collector::protectedGlobalObjectCount()
+size_t Heap::protectedGlobalObjectCount()
+{
   size_t count = 0;
 …
     JSGlobalObject* o = JSGlobalObject::head();
     do {
       if (protectedValues().contains(o))
+      if (protectedValues.contains(o))
         ++count;
       o = o->next();
 …
+}
 size_t Collector::protectedObjectCount()
+{
   return protectedValues().size();
+size_t Heap::protectedObjectCount()
+{
+  return protectedValues.size();
+}
 …
+}
 HashCountedSet<const char*>* Collector::protectedObjectTypeCounts()
+HashCountedSet<const char*>* Heap::protectedObjectTypeCounts()
+{
     HashCountedSet<const char*>* counts = new HashCountedSet<const char*>;
+    ProtectCountSet& protectedValues = KJS::protectedValues();
+    ProtectCountSet::iterator end = protectedValues.end();
+    for (ProtectCountSet::iterator it = protectedValues.begin(); it != end; ++it)
+    HashCountedSet<JSCell*>::iterator end = protectedValues.end();
+    for (HashCountedSet<JSCell*>::iterator it = protectedValues.begin(); it != end; ++it)
         counts->add(typeName(it->first));
 …
+}
 bool Collector::isBusy()
+bool Heap::isBusy()
+{
     return (primaryHeap.operationInProgress != NoOperation) | (numberHeap.operationInProgress != NoOperation);
+}
 void Collector::reportOutOfMemoryToAllExecStates()
+void Heap::reportOutOfMemoryToAllExecStates()
+{
     if (!JSGlobalObject::head())

trunk/JavaScriptCore/kjs/collector.h

-              r31787
+              r32807
 #include <string.h>
 #include <wtf/HashCountedSet.h>
+#include <wtf/HashSet.h>
+namespace WTF {
+  template<typename T> class ThreadSpecific;
+}
 namespace KJS {
+  class CollectorBlock;
   class JSCell;
   class JSValue;
+  class CollectorBlock;
+  class Collector {
+  class List;
+  enum OperationInProgress { NoOperation, Allocation, Collection };
+  struct CollectorHeap {
+    CollectorBlock** blocks;
+    size_t numBlocks;
+    size_t usedBlocks;
+    size_t firstBlockWithPossibleSpace;
+    size_t numLiveObjects;
+    size_t numLiveObjectsAtLastCollect;
+    size_t extraCost;
+    OperationInProgress operationInProgress;
+  };
+  class Heap {
   public:
+    static void* allocate(size_t s);
+    static void* allocateNumber(size_t s);
+    static bool collect();
+    static bool isBusy(); // true if an allocation or collection is in progress
+    static Heap* threadHeap();
+    void* allocate(size_t s);
+    void* allocateNumber(size_t s);
+    bool collect();
+    bool isBusy(); // true if an allocation or collection is in progress
     static const size_t minExtraCostSize = 256;
     static void reportExtraMemoryCost(size_t cost);
     static size_t size();
     static void protect(JSValue*);
     static void unprotect(JSValue*);
+    void reportExtraMemoryCost(size_t cost);
+    size_t size();
+    void protect(JSValue*);
+    void unprotect(JSValue*);
+    static void collectOnMainThreadOnly(JSValue*);
+    static size_t globalObjectCount();
+    static size_t protectedObjectCount();
+    static size_t protectedGlobalObjectCount();
+    static HashCountedSet<const char*>* protectedObjectTypeCounts();
+    class Thread;
+    static void registerThread();
+    static void registerAsMainThread();
+    static Heap* heap(const JSValue*); // 0 for immediate values
+    size_t globalObjectCount();
+    size_t protectedObjectCount();
+    size_t protectedGlobalObjectCount();
+    HashCountedSet<const char*>* protectedObjectTypeCounts();
     static bool isCellMarked(const JSCell*);
     static void markCell(JSCell*);
+    HashSet<List*>& markListSet() { return m_markListSet; }
     enum HeapType { PrimaryHeap, NumberHeap };
   private:
+    template <Collector::HeapType heapType> static void* heapAllocate(size_t s);
+    template <Collector::HeapType heapType> static size_t sweep(bool);
+    friend class WTF::ThreadSpecific<Heap>;
+    Heap();
+    Heap(const Heap&);
+    template <Heap::HeapType heapType> void* heapAllocate(size_t s);
+    template <Heap::HeapType heapType> size_t sweep();
     static const CollectorBlock* cellBlock(const JSCell*);
     static CollectorBlock* cellBlock(JSCell*);
     static size_t cellOffset(const JSCell*);
+    Collector();
+    static void recordExtraCost(size_t);
+    static void markProtectedObjects();
+    static void markMainThreadOnlyObjects();
+    static void markCurrentThreadConservatively();
+    static void markCurrentThreadConservativelyInternal();
+    static void markOtherThreadConservatively(Thread*);
+    static void markStackObjectsConservatively();
+    static void markStackObjectsConservatively(void* start, void* end);
+    static size_t mainThreadOnlyObjectCount;
+    static bool memoryFull;
+    static void reportOutOfMemoryToAllExecStates();
+    void recordExtraCost(size_t);
+    void markProtectedObjects();
+    void markStackObjectsConservativelyInternal();
+    void markStackObjectsConservatively();
+    void markStackObjectsConservatively(void* start, void* end);
+    bool memoryFull;
+    void reportOutOfMemoryToAllExecStates();
+    CollectorHeap primaryHeap;
+    CollectorHeap numberHeap;
+    HashCountedSet<JSCell*> protectedValues;
+    HashSet<List*> m_markListSet;
   };
 …
     CollectorCell* freeList;
     CollectorBitmap marked;
     CollectorBitmap collectOnMainThreadOnly;
+    Heap* heap;
   };
 …
     SmallCollectorCell* freeList;
     CollectorBitmap marked;
+    CollectorBitmap collectOnMainThreadOnly;
+  };
+  enum OperationInProgress { NoOperation, Allocation, Collection };
+  struct CollectorHeap {
+    CollectorBlock** blocks;
+    size_t numBlocks;
+    size_t usedBlocks;
+    size_t firstBlockWithPossibleSpace;
+    size_t numLiveObjects;
+    size_t numLiveObjectsAtLastCollect;
+    size_t extraCost;
+    OperationInProgress operationInProgress;
+  };
+  inline const CollectorBlock* Collector::cellBlock(const JSCell* cell)
+    Heap* heap;
+  };
+  inline const CollectorBlock* Heap::cellBlock(const JSCell* cell)
+  {
     return reinterpret_cast<const CollectorBlock*>(reinterpret_cast<uintptr_t>(cell) & BLOCK_MASK);
+  }
   inline CollectorBlock* Collector::cellBlock(JSCell* cell)
+  inline CollectorBlock* Heap::cellBlock(JSCell* cell)
+  {
     return const_cast<CollectorBlock*>(cellBlock(const_cast<const JSCell*>(cell)));
+  }
   inline size_t Collector::cellOffset(const JSCell* cell)
+  inline size_t Heap::cellOffset(const JSCell* cell)
+  {
     return (reinterpret_cast<uintptr_t>(cell) & BLOCK_OFFSET_MASK) / CELL_SIZE;
+  }
   inline bool Collector::isCellMarked(const JSCell* cell)
+  inline bool Heap::isCellMarked(const JSCell* cell)
+  {
     return cellBlock(cell)->marked.get(cellOffset(cell));
+  }
   inline void Collector::markCell(JSCell* cell)
+  inline void Heap::markCell(JSCell* cell)
+  {
     cellBlock(cell)->marked.set(cellOffset(cell));
+  }
   inline void Collector::reportExtraMemoryCost(size_t cost)
+  inline void Heap::reportExtraMemoryCost(size_t cost)
+  {
     if (cost > minExtraCostSize)

trunk/JavaScriptCore/kjs/date_object.cpp

-              r32652
+              r32807
 enum LocaleDateTimeFormat { LocaleDateAndTime, LocaleDate, LocaleTime };
 static JSCell* formatLocaleDate(const GregorianDateTime& gdt, const LocaleDateTimeFormat format)
+static JSCell* formatLocaleDate(ExecState* exec, const GregorianDateTime& gdt, const LocaleDateTimeFormat format)
+{
     static const char* formatStrings[] = {"%#c", "%#x", "%X"};
 …
     if ( ret == 0 )
         return jsString("");
+        return jsString(exec, "");
     // Copy original into the buffer
 …
+    }
     return jsString(timebuffer);
+    return jsString(exec, timebuffer);
+}
 …
 // ECMA 15.9.4
 DatePrototype::DatePrototype(ExecState *, ObjectPrototype *objectProto)
+DatePrototype::DatePrototype(ExecState* exec, ObjectPrototype *objectProto)
   : DateInstance(objectProto)
+{
     setInternalValue(jsNaN());
+    setInternalValue(jsNaN(exec));
     // The constructor will be added later, after DateObjectImp has been built.
+}
 …
+{
   putDirect(exec->propertyNames().prototype, dateProto, DontEnum|DontDelete|ReadOnly);
   putDirectFunction(new DateObjectFuncImp(exec, funcProto, DateObjectFuncImp::Parse, 1, exec->propertyNames().parse), DontEnum);
   putDirectFunction(new DateObjectFuncImp(exec, funcProto, DateObjectFuncImp::UTC, 7, exec->propertyNames().UTC), DontEnum);
   putDirect(exec->propertyNames().length, 7, ReadOnly|DontDelete|DontEnum);
+  putDirectFunction(new (exec) DateObjectFuncImp(exec, funcProto, DateObjectFuncImp::Parse, 1, exec->propertyNames().parse), DontEnum);
+  putDirectFunction(new (exec) DateObjectFuncImp(exec, funcProto, DateObjectFuncImp::UTC, 7, exec->propertyNames().UTC), DontEnum);
+  putDirect(exec, exec->propertyNames().length, 7, ReadOnly|DontDelete|DontEnum);
+}
 …
+  }
   DateInstance *ret = new DateInstance(exec->lexicalGlobalObject()->datePrototype());
   ret->setInternalValue(jsNumber(timeClip(value)));
+  DateInstance* ret = new (exec) DateInstance(exec->lexicalGlobalObject()->datePrototype());
+  ret->setInternalValue(jsNumber(exec, timeClip(value)));
   return ret;
+}
 // ECMA 15.9.2
 JSValue *DateObjectImp::callAsFunction(ExecState * /*exec*/, JSObject * /*thisObj*/, const List &/*args*/)
+JSValue* DateObjectImp::callAsFunction(ExecState* exec, JSObject* /*thisObj*/, const List& /*args*/)
+{
     time_t localTime = time(0);
 …
     getLocalTime(&localTime, &localTM);
     GregorianDateTime ts(localTM);
     return jsString(formatDate(ts) + " " + formatTime(ts, false));
+    return jsString(exec, formatDate(ts) + " " + formatTime(ts, false));
+}
 …
     : InternalFunctionImp(funcProto, name), id(i)
+{
     putDirect(exec->propertyNames().length, len, DontDelete|ReadOnly|DontEnum);
+    putDirect(exec, exec->propertyNames().length, len, DontDelete|ReadOnly|DontEnum);
+}
 …
+{
   if (id == Parse) {
     return jsNumber(parseDate(args[0]->toString(exec)));
+    return jsNumber(exec, parseDate(args[0]->toString(exec)));
+  }
   else { // UTC
 …
         || (n >= 6 && isnan(args[5]->toNumber(exec)))
         || (n >= 7 && isnan(args[6]->toNumber(exec)))) {
       return jsNaN();
+      return jsNaN(exec);
+    }
 …
     t.second = args[5]->toInt32(exec);
     double ms = (n >= 7) ? args[6]->toNumber(exec) : 0;
     return jsNumber(gregorianDateTimeToMS(t, ms, true));
+    return jsNumber(exec, gregorianDateTimeToMS(t, ms, true));
+  }
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsString("Invalid Date");
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsString(formatDate(t) + " " + formatTime(t, utc));
+        return jsString(exec, "Invalid Date");
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsString(exec, formatDate(t) + " " + formatTime(t, utc));
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsString("Invalid Date");
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsString(formatDateUTCVariant(t) + " " + formatTime(t, utc));
+        return jsString(exec, "Invalid Date");
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsString(exec, formatDateUTCVariant(t) + " " + formatTime(t, utc));
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsString("Invalid Date");
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsString(formatDate(t));
+        return jsString(exec, "Invalid Date");
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsString(exec, formatDate(t));
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsString("Invalid Date");
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsString(formatTime(t, utc));
+        return jsString(exec, "Invalid Date");
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsString(exec, formatTime(t, utc));
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsString("Invalid Date");
+        return jsString(exec, "Invalid Date");
 #if PLATFORM(MAC)
     double secs = floor(milli / msPerSecond);
     return jsString(formatLocaleDate(exec, secs, true, true, args));
+    return jsString(exec, formatLocaleDate(exec, secs, true, true, args));
 #else
     UNUSED_PARAM(args);
 …
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return formatLocaleDate(t, LocaleDateAndTime);
+    return formatLocaleDate(exec, t, LocaleDateAndTime);
 #endif
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsString("Invalid Date");
+        return jsString(exec, "Invalid Date");
 #if PLATFORM(MAC)
     double secs = floor(milli / msPerSecond);
     return jsString(formatLocaleDate(exec, secs, true, false, args));
+    return jsString(exec, formatLocaleDate(exec, secs, true, false, args));
 #else
     UNUSED_PARAM(args);
 …
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return formatLocaleDate(t, LocaleDate);
+    return formatLocaleDate(exec, t, LocaleDate);
 #endif
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsString("Invalid Date");
+        return jsString(exec, "Invalid Date");
 #if PLATFORM(MAC)
     double secs = floor(milli / msPerSecond);
     return jsString(formatLocaleDate(exec, secs, false, true, args));
+    return jsString(exec, formatLocaleDate(exec, secs, false, true, args));
 #else
     UNUSED_PARAM(args);
 …
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return formatLocaleDate(t, LocaleTime);
+    return formatLocaleDate(exec, t, LocaleTime);
 #endif
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     return jsNumber(milli);
+        return jsNaN(exec);
+    return jsNumber(exec, milli);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     return jsNumber(milli);
+        return jsNaN(exec);
+    return jsNumber(exec, milli);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(1900 + t.year);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, 1900 + t.year);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(1900 + t.year);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, 1900 + t.year);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsString("Invalid Date");
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsString(formatDateUTCVariant(t) + " " + formatTime(t, utc));
+        return jsString(exec, "Invalid Date");
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsString(exec, formatDateUTCVariant(t) + " " + formatTime(t, utc));
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.month);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.month);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.month);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.month);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.monthDay);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.monthDay);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.monthDay);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.monthDay);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.weekDay);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.weekDay);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.weekDay);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.weekDay);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.hour);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.hour);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.hour);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.hour);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.minute);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.minute);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.minute);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.minute);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.second);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.second);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(t.second);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.second);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
+        return jsNaN(exec);
     double secs = floor(milli / msPerSecond);
     double ms = milli - secs * msPerSecond;
     return jsNumber(ms);
+    return jsNumber(exec, ms);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
+        return jsNaN(exec);
     double secs = floor(milli / msPerSecond);
     double ms = milli - secs * msPerSecond;
     return jsNumber(ms);
+    return jsNumber(exec, ms);
+}
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
     GregorianDateTime t;
     thisDateObj->msToGregorianDateTime(milli, utc, t);
     return jsNumber(-gmtoffset(t) / minutesPerHour);
+        return jsNaN(exec);
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, -gmtoffset(t) / minutesPerHour);
+}
 …
     double milli = timeClip(args[0]->toNumber(exec));
     JSValue* result = jsNumber(milli);
+    JSValue* result = jsNumber(exec, milli);
     thisDateObj->setInternalValue(result);
     return result;
 …
     if (args.isEmpty() || isnan(milli)) {
         JSValue* result = jsNaN();
+        JSValue* result = jsNaN(exec);
         thisDateObj->setInternalValue(result);
         return result;
 …
     if (!fillStructuresUsingTimeArgs(exec, args, numArgsToUse, &ms, &t)) {
         JSValue* result = jsNaN();
+        JSValue* result = jsNaN(exec);
         thisDateObj->setInternalValue(result);
         return result;
+    }
     JSValue* result = jsNumber(gregorianDateTimeToMS(t, ms, inputIsUTC));
+    JSValue* result = jsNumber(exec, gregorianDateTimeToMS(t, ms, inputIsUTC));
     thisDateObj->setInternalValue(result);
     return result;
 …
     DateInstance* thisDateObj = static_cast<DateInstance*>(thisObj);
     if (args.isEmpty()) {
         JSValue* result = jsNaN();
+        JSValue* result = jsNaN(exec);
         thisDateObj->setInternalValue(result);
         return result;
 …
     if (!fillStructuresUsingDateArgs(exec, args, numArgsToUse, &ms, &t)) {
         JSValue* result = jsNaN();
+        JSValue* result = jsNaN(exec);
         thisDateObj->setInternalValue(result);
         return result;
+    }
     JSValue* result = jsNumber(gregorianDateTimeToMS(t, ms, inputIsUTC));
+    JSValue* result = jsNumber(exec, gregorianDateTimeToMS(t, ms, inputIsUTC));
     thisDateObj->setInternalValue(result);
     return result;
 …
     DateInstance* thisDateObj = static_cast<DateInstance*>(thisObj);
     if (args.isEmpty()) {
         JSValue* result = jsNaN();
+        JSValue* result = jsNaN(exec);
         thisDateObj->setInternalValue(result);
         return result;
 …
     int32_t year = args[0]->toInt32(exec, ok);
     if (!ok) {
         JSValue* result = jsNaN();
+        JSValue* result = jsNaN(exec);
         thisDateObj->setInternalValue(result);
         return result;
 …
     t.year = (year > 99 || year < 0) ? year - 1900 : year;
     JSValue* result = jsNumber(gregorianDateTimeToMS(t, ms, utc));
+    JSValue* result = jsNumber(exec, gregorianDateTimeToMS(t, ms, utc));
     thisDateObj->setInternalValue(result);
     return result;
 …
     double milli = v->toNumber(exec);
     if (isnan(milli))
         return jsNaN();
+        return jsNaN(exec);
     GregorianDateTime t;
 …
     // NOTE: IE returns the full year even in getYear.
     return jsNumber(t.year);
+    return jsNumber(exec, t.year);
+}

trunk/JavaScriptCore/kjs/error_object.cpp

-              r32652
+              r32807
     // The constructor will be added later in ErrorObjectImp's constructor
     putDirect(exec->propertyNames().name, jsString("Error"), DontEnum);
     putDirect(exec->propertyNames().message, jsString("Unknown error"), DontEnum);
+    putDirect(exec->propertyNames().name, jsString(exec, "Error"), DontEnum);
+    putDirect(exec->propertyNames().message, jsString(exec, "Unknown error"), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, errorProtoFuncToString), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, errorProtoFuncToString), DontEnum);
+}
 …
         s += ": " + v->toString(exec);
     return jsString(s);
+    return jsString(exec, s);
+}
 …
     // ECMA 15.11.3.1 Error.prototype
     putDirect(exec->propertyNames().prototype, errorProto, DontEnum|DontDelete|ReadOnly);
     putDirect(exec->propertyNames().length, jsNumber(1), DontDelete|ReadOnly|DontEnum);
+    putDirect(exec->propertyNames().length, jsNumber(exec, 1), DontDelete|ReadOnly|DontEnum);
+}
 …
+{
     JSObject* proto = static_cast<JSObject*>(exec->lexicalGlobalObject()->errorPrototype());
     JSObject* imp = new ErrorInstance(proto);
+    JSObject* imp = new (exec) ErrorInstance(proto);
     JSObject* obj(imp);
     if (!args[0]->isUndefined())
         imp->putDirect(exec->propertyNames().message, jsString(args[0]->toString(exec)));
+        imp->putDirect(exec->propertyNames().message, jsString(exec, args[0]->toString(exec)));
     return obj;
 …
     : JSObject(errorProto)
+{
     putDirect(exec->propertyNames().name, jsString(name), 0);
     putDirect(exec->propertyNames().message, jsString(message), 0);
+    putDirect(exec->propertyNames().name, jsString(exec, name), 0);
+    putDirect(exec->propertyNames().message, jsString(exec, message), 0);
+}
 …
     , proto(prot)
+{
     putDirect(exec->propertyNames().length, jsNumber(1), DontDelete|ReadOnly|DontEnum); // ECMA 15.11.7.5
+    putDirect(exec->propertyNames().length, jsNumber(exec, 1), DontDelete|ReadOnly|DontEnum); // ECMA 15.11.7.5
     putDirect(exec->propertyNames().prototype, proto, DontDelete|ReadOnly|DontEnum);
+}
 …
 JSObject* NativeErrorImp::construct(ExecState* exec, const List& args)
+{
     JSObject* imp = new ErrorInstance(proto);
+    JSObject* imp = new (exec) ErrorInstance(proto);
     JSObject* obj(imp);
     if (!args[0]->isUndefined())
         imp->putDirect(exec->propertyNames().message, jsString(args[0]->toString(exec)));
+        imp->putDirect(exec->propertyNames().message, jsString(exec, args[0]->toString(exec)));
     return obj;
+}

trunk/JavaScriptCore/kjs/function.cpp

r32652	r32807
123	123	}
124	124
125		JSValue* FunctionImp::lengthGetter(ExecState, JSObject, const Identifier&, const PropertySlot& slot)
	125	JSValue* FunctionImp::lengthGetter(ExecState* exec, JSObject*, const Identifier&, const PropertySlot& slot)
126	126	{
127	127	FunctionImp* thisObj = static_cast<FunctionImp*>(slot.slotBase());
128		return jsNumber(thisObj->body->parameters().size());
	128	return jsNumber(exec, thisObj->body->parameters().size());
129	129	}
130	130
…	…
200	200	proto = exec->lexicalGlobalObject()->objectPrototype();
201	201
202		JSObject* obj(new JSObject(proto));
	202	JSObject* obj(new (exec) JSObject(proto));
203	203
204	204	JSValue* res = call(exec,obj,args);
…	…
289	289	{
290	290	putDirect(exec->propertyNames().callee, func, DontEnum);
291		putDirect(exec->propertyNames().length, args.size(), DontEnum);
	291	putDirect(exec, exec->propertyNames().length, args.size(), DontEnum);
292	292
293	293	int i = 0;
…	…
465	465	// we can retrieve our argument list from the ExecState for our function
466	466	// call instead of storing the list ourselves.
467		d()->argumentsObject = new Arguments(exec, d()->exec->function(), *d()->exec->arguments(), this);
	467	d()->argumentsObject = new (exec) Arguments(exec, d()->exec->function(), *d()->exec->arguments(), this);
468	468	}
469	469
…	…
506	506	}
507	507	}
508		return jsString(r);
	508	return jsString(exec, r);
509	509	}
510	510
…	…
571	571	s.append(c);
572	572	}
573		return jsString(s);
	573	return jsString(exec, s);
574	574	}
575	575
…	…
765	765	JSValue* globalFuncParseInt(ExecState* exec, JSObject*, const List& args)
766	766	{
767		return jsNumber(parseInt(args[0]->toString(exec), args[1]->toInt32(exec)));
	767	return jsNumber(exec, parseInt(args[0]->toString(exec), args[1]->toInt32(exec)));
768	768	}
769	769
770	770	JSValue* globalFuncParseFloat(ExecState* exec, JSObject*, const List& args)
771	771	{
772		return jsNumber(parseFloat(args[0]->toString(exec)));
	772	return jsNumber(exec, parseFloat(args[0]->toString(exec)));
773	773	}
774	774
…	…
845	845	}
846	846
847		return jsString(r);
	847	return jsString(exec, r);
848	848	}
849	849
…	…
870	870	}
871	871
872		return jsString(s);
	872	return jsString(exec, s);
873	873	}
874	874
…	…
890	890	{
891	891	ASSERT_ARG(function, function);
892		putDirect(exec->propertyNames().length, jsNumber(len), DontDelete \| ReadOnly \| DontEnum);
	892	putDirect(exec->propertyNames().length, jsNumber(exec, len), DontDelete \| ReadOnly \| DontEnum);
893	893	}
894	894
…	…
898	898	{
899	899	ASSERT_ARG(function, function);
900		putDirect(exec->propertyNames().length, jsNumber(len), DontDelete \| ReadOnly \| DontEnum);
	900	putDirect(exec->propertyNames().length, jsNumber(exec, len), DontDelete \| ReadOnly \| DontEnum);
901	901	}
902	902
…	…
915	915	ASSERT_ARG(function, function);
916	916	ASSERT_ARG(cachedGlobalObject, cachedGlobalObject);
917		putDirect(exec->propertyNames().length, jsNumber(len), DontDelete \| ReadOnly \| DontEnum);
	917	putDirect(exec->propertyNames().length, jsNumber(exec, len), DontDelete \| ReadOnly \| DontEnum);
918	918	}
919	919

trunk/JavaScriptCore/kjs/function_object.cpp

-              r32652
+              r32807
 FunctionPrototype::FunctionPrototype(ExecState* exec)
+{
     putDirect(exec->propertyNames().length, jsNumber(0), DontDelete | ReadOnly | DontEnum);
     putDirectFunction(new PrototypeFunction(exec, this, 0, exec->propertyNames().toString, functionProtoFuncToString), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, this, 2, exec->propertyNames().apply, functionProtoFuncApply), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, this, 1, exec->propertyNames().call, functionProtoFuncCall), DontEnum);
+    putDirect(exec->propertyNames().length, jsNumber(exec, 0), DontDelete | ReadOnly | DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, this, 0, exec->propertyNames().toString, functionProtoFuncToString), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, this, 2, exec->propertyNames().apply, functionProtoFuncApply), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, this, 1, exec->propertyNames().call, functionProtoFuncCall), DontEnum);
+}
 …
     if (thisObj->inherits(&FunctionImp::info)) {
         FunctionImp* fi = static_cast<FunctionImp*>(thisObj);
         return jsString("function " + fi->functionName().ustring() + "(" + fi->body->paramString() + ") " + fi->body->toString());
+    }
     return jsString("function " + static_cast<InternalFunctionImp*>(thisObj)->functionName().ustring() + "() {\n    [native code]\n}");
+        return jsString(exec, "function " + fi->functionName().ustring() + "(" + fi->body->paramString() + ") " + fi->body->toString());
+    }
+    return jsString(exec, "function " + static_cast<InternalFunctionImp*>(thisObj)->functionName().ustring() + "() {\n    [native code]\n}");
+}
 …
     // Number of arguments for constructor
     putDirect(exec->propertyNames().length, jsNumber(1), ReadOnly | DontDelete | DontEnum);
+    putDirect(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly | DontDelete | DontEnum);
+}
 …
     Debugger* dbg = exec->dynamicGlobalObject()->debugger();
     if (dbg && !dbg->sourceParsed(exec, sourceId, UString(), body, lineNumber, errLine, errMsg))
         return new JSObject();
+        return new (exec) JSObject();
     // No program node == syntax error - throw a syntax error
 …
     scopeChain.push(exec->lexicalGlobalObject());
     FunctionImp* fimp = new FunctionImp(exec, functionName, functionBody.get(), scopeChain);
+    FunctionImp* fimp = new (exec) FunctionImp(exec, functionName, functionBody.get(), scopeChain);
     // parse parameter list. throw syntax error on illegal identifiers

trunk/JavaScriptCore/kjs/internal.cpp

r32652	r32807
81	81	JSObject* StringImp::toObject(ExecState *exec) const
82	82	{
83		return new StringInstance(exec->lexicalGlobalObject()->stringPrototype(), const_cast<StringImp*>(this));
	83	return new (exec) StringInstance(exec->lexicalGlobalObject()->stringPrototype(), const_cast<StringImp*>(this));
84	84	}
85	85

trunk/JavaScriptCore/kjs/internal.h

-              r32609
+              r32807
   class StringImp : public JSCell {
   public:
     StringImp(const UString& v) : val(v) { Collector::reportExtraMemoryCost(v.cost()); }
+    StringImp(const UString& v) : val(v) { Heap::heap(this)->reportExtraMemoryCost(v.cost()); }
     enum HasOtherOwnerType { HasOtherOwner };
     StringImp(const UString& value, HasOtherOwnerType) : val(value) { }
 …
   class NumberImp : public JSCell {
     friend class ConstantValues;
     friend JSValue *jsNumberCell(double);
+    friend JSValue* jsNumberCell(ExecState*, double);
   public:
     double value() const { return val; }
 …
     virtual JSObject *toObject(ExecState *exec) const;
     void* operator new(size_t size)
+    void* operator new(size_t size, ExecState* exec)
+    {
         return Collector::allocateNumber(size);
+        return exec->heap()->allocateNumber(size);
+    }
   private:
     NumberImp(double v) : val(v) { }

trunk/JavaScriptCore/kjs/list.cpp

-              r29067
+              r32807
+}
 List::ListSet& List::markSet()
+void List::markProtectedLists(ListSet& markSet)
+{
+    static ListSet staticMarkSet;
+    return staticMarkSet;
+}
+void List::markProtectedListsSlowCase()
+{
+    ListSet::iterator end = markSet().end();
+    for (ListSet::iterator it = markSet().begin(); it != end; ++it) {
+    ListSet::iterator end = markSet.end();
+    for (ListSet::iterator it = markSet.begin(); it != end; ++it) {
         List* list = *it;
 …
     // our Vector's inline capacity, though, our values move to the
     // heap, where they do need explicit marking.
+    if (!m_isInMarkSet) {
+        markSet().add(this);
+        m_isInMarkSet = true;
+    if (!m_markSet) {
+        ListSet& markSet = Heap::threadHeap()->markListSet();
+        markSet.add(this);
+        m_markSet = &markSet;
+    }

trunk/JavaScriptCore/kjs/list.h

-              r29067
+              r32807
         List()
             : m_isInMarkSet(false)
+            : m_markSet(0)
+        {
+        }
 …
         ~List()
+        {
             if (m_isInMarkSet)
                 markSet().remove(this);
+            if (m_markSet)
+                m_markSet->remove(this);
+        }
 …
         const_iterator end() const { return m_vector.end(); }
+        static void markProtectedLists()
+        {
+            if (!markSet().size())
+                return;
+            markProtectedListsSlowCase();
+        }
+        static void markProtectedLists(ListSet&);
     private:
-        static ListSet& markSet();
-        static void markProtectedListsSlowCase();
         void expandAndAppend(JSValue*);
         VectorType m_vector;
         bool m_isInMarkSet;
+        ListSet* m_markSet;
     private:

trunk/JavaScriptCore/kjs/lookup.h

-              r32652
+              r32807
       const HashEntry* entry = slot.staticEntry();
       JSValue* val = new PrototypeFunction(exec, entry->length, propertyName, entry->functionValue);
+      JSValue* val = new (exec) PrototypeFunction(exec, entry->length, propertyName, entry->functionValue);
       thisObj->putDirect(propertyName, val, entry->attributes);
       return val;
 …
       return static_cast<JSObject* >(obj);
+    }
     JSObject* newObject = new ClassCtor(exec);
+    JSObject* newObject = new (exec) ClassCtor(exec);
     globalObject->putDirect(propertyName, newObject, DontEnum);
     return newObject;

trunk/JavaScriptCore/kjs/math_object.cpp

r32652	r32807
77	77	}
78	78
79		JSValue* MathObjectImp::getValueProperty(ExecState*, int token) const
	79	JSValue* MathObjectImp::getValueProperty(ExecState* exec, int token) const
80	80	{
81	81	switch (token) {
82	82	case Euler:
83		return jsNumber(exp(1.0));
	83	return jsNumber(exec, exp(1.0));
84	84	case Ln2:
85		return jsNumber(log(2.0));
	85	return jsNumber(exec, log(2.0));
86	86	case Ln10:
87		return jsNumber(log(10.0));
	87	return jsNumber(exec, log(10.0));
88	88	case Log2E:
89		return jsNumber(1.0 / log(2.0));
	89	return jsNumber(exec, 1.0 / log(2.0));
90	90	case Log10E:
91		return jsNumber(1.0 / log(10.0));
	91	return jsNumber(exec, 1.0 / log(10.0));
92	92	case Pi:
93		return jsNumber(piDouble);
	93	return jsNumber(exec, piDouble);
94	94	case Sqrt1_2:
95		return jsNumber(sqrt(0.5));
	95	return jsNumber(exec, sqrt(0.5));
96	96	case Sqrt2:
97		return jsNumber(sqrt(2.0));
	97	return jsNumber(exec, sqrt(2.0));
98	98	}
99	99
…	…
107	107	{
108	108	double arg = args[0]->toNumber(exec);
109		return signbit(arg) ? jsNumber(~~-arg) : jsNumber(~~arg);
	109	return signbit(arg) ? jsNumber(exec, -arg) : jsNumber(exec, arg);
110	110	}
111	111
112	112	JSValue* mathProtoFuncACos(ExecState* exec, JSObject*, const List& args)
113	113	{
114		return jsNumber(acos(args[0]->toNumber(exec)));
	114	return jsNumber(exec, acos(args[0]->toNumber(exec)));
115	115	}
116	116
117	117	JSValue* mathProtoFuncASin(ExecState* exec, JSObject*, const List& args)
118	118	{
119		return jsNumber(asin(args[0]->toNumber(exec)));
	119	return jsNumber(exec, asin(args[0]->toNumber(exec)));
120	120	}
121	121
122	122	JSValue* mathProtoFuncATan(ExecState* exec, JSObject*, const List& args)
123	123	{
124		return jsNumber(atan(args[0]->toNumber(exec)));
	124	return jsNumber(exec, atan(args[0]->toNumber(exec)));
125	125	}
126	126
127	127	JSValue* mathProtoFuncATan2(ExecState* exec, JSObject*, const List& args)
128	128	{
129		return jsNumber(atan2(args[0]->toNumber(exec), args[1]->toNumber(exec)));
	129	return jsNumber(exec, atan2(args[0]->toNumber(exec), args[1]->toNumber(exec)));
130	130	}
131	131
…	…
134	134	double arg = args[0]->toNumber(exec);
135	135	if (signbit(arg) && arg > -1.0)
136		return jsNumber(-0.0);
137		return jsNumber(ceil(arg));
	136	return jsNumber(exec, -0.0);
	137	return jsNumber(exec, ceil(arg));
138	138	}
139	139
140	140	JSValue* mathProtoFuncCos(ExecState* exec, JSObject*, const List& args)
141	141	{
142		return jsNumber(cos(args[0]->toNumber(exec)));
	142	return jsNumber(exec, cos(args[0]->toNumber(exec)));
143	143	}
144	144
145	145	JSValue* mathProtoFuncExp(ExecState* exec, JSObject*, const List& args)
146	146	{
147		return jsNumber(exp(args[0]->toNumber(exec)));
	147	return jsNumber(exec, exp(args[0]->toNumber(exec)));
148	148	}
149	149
…	…
152	152	double arg = args[0]->toNumber(exec);
153	153	if (signbit(arg) && arg == 0.0)
154		return jsNumber(-0.0);
155		return jsNumber(floor(arg));
	154	return jsNumber(exec, -0.0);
	155	return jsNumber(exec, floor(arg));
156	156	}
157	157
158	158	JSValue* mathProtoFuncLog(ExecState* exec, JSObject*, const List& args)
159	159	{
160		return jsNumber(log(args[0]->toNumber(exec)));
	160	return jsNumber(exec, log(args[0]->toNumber(exec)));
161	161	}
162	162
…	…
174	174	result = val;
175	175	}
176		return jsNumber(result);
	176	return jsNumber(exec, result);
177	177	}
178	178
…	…
190	190	result = val;
191	191	}
192		return jsNumber(result);
	192	return jsNumber(exec, result);
193	193	}
194	194
…	…
201	201
202	202	if (isnan(arg2))
203		return jsNumber(NaN);
	203	return jsNumber(exec, NaN);
204	204	if (isinf(arg2) && fabs(arg) == 1)
205		return jsNumber(NaN);
206		return jsNumber(pow(arg, arg2));
207		}
208
209		JSValue* mathProtoFuncRandom(ExecState, JSObject, const List&)
	205	return jsNumber(exec, NaN);
	206	return jsNumber(exec, pow(arg, arg2));
	207	}
	208
	209	JSValue* mathProtoFuncRandom(ExecState* exec, JSObject*, const List&)
210	210	{
211	211	#if !USE(MULTIPLE_THREADS)
…	…
217	217	#endif
218	218
219		return jsNumber(wtf_random());
	219	return jsNumber(exec, wtf_random());
220	220	}
221	221
…	…
224	224	double arg = args[0]->toNumber(exec);
225	225	if (signbit(arg) && arg >= -0.5)
226		return jsNumber(-0.0);
227		return jsNumber(floor(arg + 0.5));
	226	return jsNumber(exec, -0.0);
	227	return jsNumber(exec, floor(arg + 0.5));
228	228	}
229	229
230	230	JSValue* mathProtoFuncSin(ExecState* exec, JSObject*, const List& args)
231	231	{
232		return jsNumber(sin(args[0]->toNumber(exec)));
	232	return jsNumber(exec, sin(args[0]->toNumber(exec)));
233	233	}
234	234
235	235	JSValue* mathProtoFuncSqrt(ExecState* exec, JSObject*, const List& args)
236	236	{
237		return jsNumber(sqrt(args[0]->toNumber(exec)));
	237	return jsNumber(exec, sqrt(args[0]->toNumber(exec)));
238	238	}
239	239
240	240	JSValue* mathProtoFuncTan(ExecState* exec, JSObject*, const List& args)
241	241	{
242		return jsNumber(tan(args[0]->toNumber(exec)));
	242	return jsNumber(exec, tan(args[0]->toNumber(exec)));
243	243	}
244	244

trunk/JavaScriptCore/kjs/nodes.cpp

-              r32578
+              r32807
         JSObject* exception = static_cast<JSObject*>(exceptionValue);
         if (!exception->hasProperty(exec, "line") && !exception->hasProperty(exec, "sourceURL")) {
             exception->put(exec, "line", jsNumber(m_line));
             exception->put(exec, "sourceURL", jsString(currentSourceURL(exec)));
+            exception->put(exec, "line", jsNumber(exec, m_line));
+            exception->put(exec, "sourceURL", jsString(exec, currentSourceURL(exec)));
+        }
+    }
 …
 // ------------------------------ NumberNode -----------------------------------
 JSValue* NumberNode::evaluate(ExecState*)
+JSValue* NumberNode::evaluate(ExecState* exec)
+{
     // Number nodes are only created when the number can't fit in a JSImmediate, so no need to check again.
     return jsNumberCell(m_double);
+    return jsNumberCell(exec, m_double);
+}
 …
 // ------------------------------ StringNode -----------------------------------
 JSValue* StringNode::evaluate(ExecState*)
+{
     return jsOwnedString(m_value);
+JSValue* StringNode::evaluate(ExecState* exec)
+{
+    return jsOwnedString(exec, m_value);
+}
 …
     if (m_optional)
         array->put(exec, exec->propertyNames().length, jsNumber(m_elision + length));
+        array->put(exec, exec->propertyNames().length, jsNumber(exec, m_elision + length));
     return array;
 …
             JSObject* base = *iter;
             JSValue* v = slot.getValue(exec, base, m_ident)->toJSNumber(exec);
             base->put(exec, m_ident, jsNumber(v->toNumber(exec) + 1));
+            base->put(exec, m_ident, jsNumber(exec, v->toNumber(exec) + 1));
             return v;
+        }
 …
     JSValue** slot = &exec->localStorage()[m_index].value;
     JSValue* v = (*slot)->toJSNumber(exec);
     *slot = jsNumber(v->toNumber(exec) + 1);
+    *slot = jsNumber(exec, v->toNumber(exec) + 1);
     return v;
+}
 …
             JSObject* base = *iter;
             JSValue* v = slot.getValue(exec, base, m_ident)->toJSNumber(exec);
             base->put(exec, m_ident, jsNumber(v->toNumber(exec) - 1));
+            base->put(exec, m_ident, jsNumber(exec, v->toNumber(exec) - 1));
             return v;
+        }
 …
     JSValue** slot = &exec->localStorage()[m_index].value;
     JSValue* v = (*slot)->toJSNumber(exec);
     *slot = jsNumber(v->toNumber(exec) - 1);
+    *slot = jsNumber(exec, v->toNumber(exec) - 1);
     return v;
+}
 …
     JSValue** slot = &exec->localStorage()[m_index].value;
     double n = (*slot)->toNumber(exec);
     *slot = jsNumber(n - 1);
+    *slot = jsNumber(exec, n - 1);
     return n;
+}
 …
         JSValue* v2 = v->toJSNumber(exec);
         base->put(exec, propertyIndex, jsNumber(v2->toNumber(exec) + 1));
+        base->put(exec, propertyIndex, jsNumber(exec, v2->toNumber(exec) + 1));
         return v2;
 …
     JSValue* v2 = v->toJSNumber(exec);
     base->put(exec, propertyName, jsNumber(v2->toNumber(exec) + 1));
+    base->put(exec, propertyName, jsNumber(exec, v2->toNumber(exec) + 1));
     return v2;
+}
 …
         JSValue* v2 = v->toJSNumber(exec);
         base->put(exec, propertyIndex, jsNumber(v2->toNumber(exec) - 1));
+        base->put(exec, propertyIndex, jsNumber(exec, v2->toNumber(exec) - 1));
         return v2;
+    }
 …
     JSValue* v2 = v->toJSNumber(exec);
     base->put(exec, propertyName, jsNumber(v2->toNumber(exec) - 1));
+    base->put(exec, propertyName, jsNumber(exec, v2->toNumber(exec) - 1));
     return v2;
+}
 …
     JSValue* v2 = v->toJSNumber(exec);
     base->put(exec, m_ident, jsNumber(v2->toNumber(exec) + 1));
+    base->put(exec, m_ident, jsNumber(exec, v2->toNumber(exec) + 1));
     return v2;
+}
 …
     JSValue* v2 = v->toJSNumber(exec);
     base->put(exec, m_ident, jsNumber(v2->toNumber(exec) - 1));
+    base->put(exec, m_ident, jsNumber(exec, v2->toNumber(exec) - 1));
     return v2;
+}
 …
+}
 static JSValue* typeStringForValue(JSValue* v) KJS_FAST_CALL;
 static JSValue* typeStringForValue(JSValue* v)
+static JSValue* typeStringForValue(ExecState*, JSValue*) KJS_FAST_CALL;
+static JSValue* typeStringForValue(ExecState* exec, JSValue* v)
+{
     switch (v->type()) {
         case UndefinedType:
             return jsString("undefined");
+            return jsString(exec, "undefined");
         case NullType:
             return jsString("object");
+            return jsString(exec, "object");
         case BooleanType:
             return jsString("boolean");
+            return jsString(exec, "boolean");
         case NumberType:
             return jsString("number");
+            return jsString(exec, "number");
         case StringType:
             return jsString("string");
+            return jsString(exec, "string");
         default:
             if (v->isObject()) {
 …
                 // as null when doing comparisons.
                 if (static_cast<JSObject*>(v)->masqueradeAsUndefined())
                     return jsString("undefined");
+                    return jsString(exec, "undefined");
                 else if (static_cast<JSObject*>(v)->implementsCall())
                     return jsString("function");
+                    return jsString(exec, "function");
+            }
             return jsString("object");
+            return jsString(exec, "object");
+    }
+}
 …
     ASSERT(exec->variableObject() == exec->scopeChain().top());
     return typeStringForValue(exec->localStorage()[m_index].value);
+    return typeStringForValue(exec, exec->localStorage()[m_index].value);
+}
 …
         if (base->getPropertySlot(exec, m_ident, slot)) {
             JSValue* v = slot.getValue(exec, base, m_ident);
             return typeStringForValue(v);
+            return typeStringForValue(exec, v);
+        }
 …
     } while (iter != end);
     return jsString("undefined");
+    return jsString(exec, "undefined");
+}
 …
     KJS_CHECKEXCEPTIONVALUE
     return typeStringForValue(v);
+    return typeStringForValue(exec, v);
+}
 …
     double n = (*slot)->toNumber(exec);
     JSValue* n2 = jsNumber(n + 1);
+    JSValue* n2 = jsNumber(exec, n + 1);
     *slot = n2;
     return n2;
 …
             double n = v->toNumber(exec);
             JSValue* n2 = jsNumber(n + 1);
+            JSValue* n2 = jsNumber(exec, n + 1);
             base->put(exec, m_ident, n2);
 …
     double n = (*slot)->toNumber(exec);
     JSValue* n2 = jsNumber(n - 1);
+    JSValue* n2 = jsNumber(exec, n - 1);
     *slot = n2;
     return n2;
 …
             double n = v->toNumber(exec);
             JSValue* n2 = jsNumber(n - 1);
+            JSValue* n2 = jsNumber(exec, n - 1);
             base->put(exec, m_ident, n2);
 …
+{
     ASSERT(exec->variableObject() == exec->scopeChain().top());
     return jsNumber(exec->localStorage()[m_index].value->toNumber(exec) + 1);
+    return jsNumber(exec, exec->localStorage()[m_index].value->toNumber(exec) + 1);
+}
 …
+{
     ASSERT(exec->variableObject() == exec->scopeChain().top());
     return jsNumber(exec->localStorage()[m_index].value->toNumber(exec) - 1);
+    return jsNumber(exec, exec->localStorage()[m_index].value->toNumber(exec) - 1);
+}
 …
+{
     ASSERT(exec->variableObject() == exec->scopeChain().top());
     return jsNumber(exec->localStorage()[m_index].value->toNumber(exec));
+    return jsNumber(exec, exec->localStorage()[m_index].value->toNumber(exec));
+}
 …
+{
     ASSERT(exec->variableObject() == exec->scopeChain().top());
     return jsNumber(exec->localStorage()[m_index].value->toNumber(exec));
+    return jsNumber(exec, exec->localStorage()[m_index].value->toNumber(exec));
+}
 …
         KJS_CHECKEXCEPTIONVALUE
         JSValue* n2 = jsNumber(v->toNumber(exec) + 1);
+        JSValue* n2 = jsNumber(exec, v->toNumber(exec) + 1);
         base->put(exec, propertyIndex, n2);
 …
     KJS_CHECKEXCEPTIONVALUE
     JSValue* n2 = jsNumber(v->toNumber(exec) + 1);
+    JSValue* n2 = jsNumber(exec, v->toNumber(exec) + 1);
     base->put(exec, propertyName, n2);
 …
         KJS_CHECKEXCEPTIONVALUE
         JSValue* n2 = jsNumber(v->toNumber(exec) - 1);
+        JSValue* n2 = jsNumber(exec, v->toNumber(exec) - 1);
         base->put(exec, propertyIndex, n2);
 …
     KJS_CHECKEXCEPTIONVALUE
     JSValue* n2 = jsNumber(v->toNumber(exec) - 1);
+    JSValue* n2 = jsNumber(exec, v->toNumber(exec) - 1);
     base->put(exec, propertyName, n2);
 …
     double n = v->toNumber(exec);
     JSValue* n2 = jsNumber(n + 1);
+    JSValue* n2 = jsNumber(exec, n + 1);
     base->put(exec, m_ident, n2);
 …
     double n = v->toNumber(exec);
     JSValue* n2 = jsNumber(n - 1);
+    JSValue* n2 = jsNumber(exec, n - 1);
     base->put(exec, m_ident, n2);
 …
+{
     // No need to check exception, caller will do so right after evaluate()
     return jsNumber(-m_expr->evaluateToNumber(exec));
+    return jsNumber(exec, -m_expr->evaluateToNumber(exec));
+}
 …
 JSValue* BitwiseNotNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToInt32(exec));
+    return jsNumber(exec, inlineEvaluateToInt32(exec));
+}
 …
 JSValue* MultNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToNumber(exec));
+    return jsNumber(exec, inlineEvaluateToNumber(exec));
+}
 …
 JSValue* DivNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToNumber(exec));
+    return jsNumber(exec, inlineEvaluateToNumber(exec));
+}
 …
 JSValue* ModNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToNumber(exec));
+    return jsNumber(exec, inlineEvaluateToNumber(exec));
+}
 …
         if (value.isNull())
             return throwOutOfMemoryError(exec);
         return jsString(value);
+    }
     return jsNumber(p1->toNumber(exec) + p2->toNumber(exec));
+        return jsString(exec, value);
+    }
+    return jsNumber(exec, p1->toNumber(exec) + p2->toNumber(exec));
+}
 …
     if (bothTypes == ((NumberType << 3) | NumberType))
         return jsNumber(v1->toNumber(exec) + v2->toNumber(exec));
+        return jsNumber(exec, v1->toNumber(exec) + v2->toNumber(exec));
     if (bothTypes == ((StringType << 3) | StringType)) {
         UString value = static_cast<StringImp*>(v1)->value() + static_cast<StringImp*>(v2)->value();
         if (value.isNull())
             return throwOutOfMemoryError(exec);
         return jsString(value);
+        return jsString(exec, value);
+    }
 …
 JSValue* AddNumbersNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToNumber(exec));
+    return jsNumber(exec, inlineEvaluateToNumber(exec));
+}
 …
     KJS_CHECKEXCEPTIONVALUE
     return jsString(static_cast<StringImp*>(v1)->value() + static_cast<StringImp*>(v2)->value());
+    return jsString(exec, static_cast<StringImp*>(v1)->value() + static_cast<StringImp*>(v2)->value());
+}
 …
     JSValue* p2 = v2->toPrimitive(exec, UnspecifiedType);
     return jsString(static_cast<StringImp*>(v1)->value() + p2->toString(exec));
+    return jsString(exec, static_cast<StringImp*>(v1)->value() + p2->toString(exec));
+}
 …
     JSValue* p1 = v1->toPrimitive(exec, UnspecifiedType);
     return jsString(p1->toString(exec) + static_cast<StringImp*>(v2)->value());
+    return jsString(exec, p1->toString(exec) + static_cast<StringImp*>(v2)->value());
+}
 …
 JSValue* SubNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToNumber(exec));
+    return jsNumber(exec, inlineEvaluateToNumber(exec));
+}
 …
 JSValue* LeftShiftNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToInt32(exec));
+    return jsNumber(exec, inlineEvaluateToInt32(exec));
+}
 …
 JSValue* RightShiftNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToInt32(exec));
+    return jsNumber(exec, inlineEvaluateToInt32(exec));
+}
 …
 JSValue* UnsignedRightShiftNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToUInt32(exec));
+    return jsNumber(exec, inlineEvaluateToUInt32(exec));
+}
 …
 JSValue* BitXOrNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToInt32(exec));
+    return jsNumber(exec, inlineEvaluateToInt32(exec));
+}
 …
 JSValue* BitOrNode::evaluate(ExecState* exec)
+{
     return jsNumber(inlineEvaluateToInt32(exec));
+    return jsNumber(exec, inlineEvaluateToInt32(exec));
+}
 …
     switch (oper) {
         case OpMultEq:
             v = jsNumber(current->toNumber(exec) * right->evaluateToNumber(exec));
+            v = jsNumber(exec, current->toNumber(exec) * right->evaluateToNumber(exec));
             break;
         case OpDivEq:
             v = jsNumber(current->toNumber(exec) / right->evaluateToNumber(exec));
+            v = jsNumber(exec, current->toNumber(exec) / right->evaluateToNumber(exec));
             break;
         case OpPlusEq:
 …
             break;
         case OpMinusEq:
             v = jsNumber(current->toNumber(exec) - right->evaluateToNumber(exec));
+            v = jsNumber(exec, current->toNumber(exec) - right->evaluateToNumber(exec));
             break;
         case OpLShift:
             i1 = current->toInt32(exec);
             i2 = right->evaluateToInt32(exec);
             v = jsNumber(i1 << i2);
+            v = jsNumber(exec, i1 << i2);
             break;
         case OpRShift:
             i1 = current->toInt32(exec);
             i2 = right->evaluateToInt32(exec);
             v = jsNumber(i1 >> i2);
+            v = jsNumber(exec, i1 >> i2);
             break;
         case OpURShift:
             ui = current->toUInt32(exec);
             i2 = right->evaluateToInt32(exec);
             v = jsNumber(ui >> i2);
+            v = jsNumber(exec, ui >> i2);
             break;
         case OpAndEq:
             i1 = current->toInt32(exec);
             i2 = right->evaluateToInt32(exec);
             v = jsNumber(i1 & i2);
+            v = jsNumber(exec, i1 & i2);
             break;
         case OpXOrEq:
             i1 = current->toInt32(exec);
             i2 = right->evaluateToInt32(exec);
             v = jsNumber(i1 ^ i2);
+            v = jsNumber(exec, i1 ^ i2);
             break;
         case OpOrEq:
             i1 = current->toInt32(exec);
             i2 = right->evaluateToInt32(exec);
             v = jsNumber(i1 | i2);
+            v = jsNumber(exec, i1 | i2);
             break;
         case OpModEq: {
             double d1 = current->toNumber(exec);
             double d2 = right->evaluateToNumber(exec);
             v = jsNumber(fmod(d1, d2));
+            v = jsNumber(exec, fmod(d1, d2));
+        }
             break;
 …
             continue;
         JSValue* str = jsOwnedString(name.ustring());
+        JSValue* str = jsOwnedString(exec, name.ustring());
         if (m_lexpr->isResolveNode()) {
 …
     if (m_catchBlock && exec->completionType() == Throw) {
         JSObject* obj = new JSObject;
+        JSObject* obj = new (exec) JSObject;
         obj->putDirect(m_exceptionIdent, result, DontDelete);
         exec->dynamicGlobalObject()->tearOffActivation(exec);
 …
 FunctionImp* FuncDeclNode::makeFunction(ExecState* exec)
+{
     FunctionImp* func = new FunctionImp(exec, m_ident, m_body.get(), exec->scopeChain());
+    FunctionImp* func = new (exec) FunctionImp(exec, m_ident, m_body.get(), exec->scopeChain());
     JSObject* proto = exec->lexicalGlobalObject()->objectConstructor()->construct(exec, exec->emptyList());
     proto->putDirect(exec->propertyNames().constructor, func, DontEnum);
     func->putDirect(exec->propertyNames().prototype, proto, DontDelete);
     func->putDirect(exec->propertyNames().length, jsNumber(m_body->parameters().size()), ReadOnly | DontDelete | DontEnum);
+    func->putDirect(exec->propertyNames().length, jsNumber(exec, m_body->parameters().size()), ReadOnly | DontDelete | DontEnum);
     return func;
+}
 …
         // but they won't register with the current scope chain and should
         // be contained as single property in an anonymous object.
         functionScopeObject = new JSObject;
+        functionScopeObject = new (exec) JSObject;
         exec->pushScope(functionScopeObject);
+    }
     FunctionImp* func = new FunctionImp(exec, m_ident, m_body.get(), exec->scopeChain());
+    FunctionImp* func = new (exec) FunctionImp(exec, m_ident, m_body.get(), exec->scopeChain());
     JSObject* proto = exec->lexicalGlobalObject()->objectConstructor()->construct(exec, exec->emptyList());
     proto->putDirect(exec->propertyNames().constructor, func, DontEnum);

trunk/JavaScriptCore/kjs/number_object.cpp

-              r32652
+              r32807
     : NumberInstance(objectPrototype)
+{
     setInternalValue(jsNumber(0));
+    setInternalValue(jsNumber(exec, 0));
     // The constructor will be added later, after NumberObjectImp has been constructed
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toString, numberProtoFuncToString), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toLocaleString, numberProtoFuncToLocaleString), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, numberProtoFuncValueOf), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toFixed, numberProtoFuncToFixed), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toExponential, numberProtoFuncToExponential), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toPrecision, numberProtoFuncToPrecision), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toString, numberProtoFuncToString), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toLocaleString, numberProtoFuncToLocaleString), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, numberProtoFuncValueOf), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toFixed, numberProtoFuncToFixed), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toExponential, numberProtoFuncToExponential), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toPrecision, numberProtoFuncToPrecision), DontEnum);
+}
 …
     double radixAsDouble = args[0]->toInteger(exec); // nan -> 0
     if (radixAsDouble == 10 || args[0]->isUndefined())
         return jsString(v->toString(exec));
+        return jsString(exec, v->toString(exec));
     if (radixAsDouble < 2 || radixAsDouble > 36)
 …
     double x = v->toNumber(exec);
     if (isnan(x) || isinf(x))
         return jsString(UString::from(x));
+        return jsString(exec, UString::from(x));
     bool isNegative = x < 0.0;
 …
     ASSERT(p < s + sizeof(s));
     return jsString(startOfResultString);
+    return jsString(exec, startOfResultString);
+}
 …
     // TODO
     return jsString(static_cast<NumberInstance*>(thisObj)->internalValue()->toString(exec));
+    return jsString(exec, static_cast<NumberInstance*>(thisObj)->internalValue()->toString(exec));
+}
 …
     double x = v->toNumber(exec);
     if (isnan(x))
         return jsString("NaN");
+        return jsString(exec, "NaN");
     UString s;
 …
     if (x >= pow(10.0, 21.0))
         return jsString(s + UString::from(x));
+        return jsString(exec, s + UString::from(x));
     const double tenToTheF = pow(10.0, f);
 …
     int kMinusf = k - f;
     if (kMinusf < m.size())
         return jsString(s + m.substr(0, kMinusf) + "." + m.substr(kMinusf));
     return jsString(s + m.substr(0, kMinusf));
+        return jsString(exec, s + m.substr(0, kMinusf) + "." + m.substr(kMinusf));
+    return jsString(exec, s + m.substr(0, kMinusf));
+}
 …
     if (isnan(x) || isinf(x))
         return jsString(UString::from(x));
+        return jsString(exec, UString::from(x));
     JSValue* fractionalDigitsValue = args[0];
 …
     if (isnan(x))
         return jsString("NaN");
+        return jsString(exec, "NaN");
     if (x == -0.0) // (-0.0).toExponential() should print as 0 instead of -0
 …
     freedtoa(result);
     return jsString(buf);
+    return jsString(exec, buf);
+}
 …
     double x = v->toNumber(exec);
     if (args[0]->isUndefined() || isnan(x) || isinf(x))
         return jsString(v->toString(exec));
+        return jsString(exec, v->toString(exec));
     UString s;
 …
                 m = m.substr(0, 1) + "." + m.substr(1);
             if (e >= 0)
                 return jsString(s + m + "e+" + UString::from(e));
             return jsString(s + m + "e-" + UString::from(-e));
+                return jsString(exec, s + m + "e+" + UString::from(e));
+            return jsString(exec, s + m + "e-" + UString::from(-e));
+        }
     } else {
 …
     if (e == precision - 1)
         return jsString(s + m);
+        return jsString(exec, s + m);
     if (e >= 0) {
         if (e + 1 < m.size())
             return jsString(s + m.substr(0, e + 1) + "." + m.substr(e + 1));
         return jsString(s + m);
+    }
     return jsString(s + "0." + char_sequence('0', -(e + 1)) + m);
+            return jsString(exec, s + m.substr(0, e + 1) + "." + m.substr(e + 1));
+        return jsString(exec, s + m);
+    }
+    return jsString(exec, s + "0." + char_sequence('0', -(e + 1)) + m);
+}
 …
     // no. of arguments for constructor
     putDirect(exec->propertyNames().length, jsNumber(1), ReadOnly|DontDelete|DontEnum);
+    putDirect(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly|DontDelete|DontEnum);
+}
 …
+}
 JSValue* NumberObjectImp::getValueProperty(ExecState*, int token) const
+JSValue* NumberObjectImp::getValueProperty(ExecState* exec, int token) const
+{
     // ECMA 15.7.3
     switch (token) {
         case NaNValue:
             return jsNaN();
+            return jsNaN(exec);
         case NegInfinity:
             return jsNumberCell(-Inf);
+            return jsNumberCell(exec, -Inf);
         case PosInfinity:
             return jsNumberCell(Inf);
+            return jsNumberCell(exec, Inf);
         case MaxValue:
             return jsNumberCell(1.7976931348623157E+308);
+            return jsNumberCell(exec, 1.7976931348623157E+308);
         case MinValue:
             return jsNumberCell(5E-324);
+            return jsNumberCell(exec, 5E-324);
+    }
     ASSERT_NOT_REACHED();
 …
+{
     JSObject* proto = exec->lexicalGlobalObject()->numberPrototype();
     NumberInstance* obj = new NumberInstance(proto);
+    NumberInstance* obj = new (exec) NumberInstance(proto);
     // FIXME: Check args[0]->isUndefined() instead of args.isEmpty()?
     double n = args.isEmpty() ? 0 : args[0]->toNumber(exec);
     obj->setInternalValue(jsNumber(n));
+    obj->setInternalValue(jsNumber(exec, n));
     return obj;
+}
 …
+{
     // FIXME: Check args[0]->isUndefined() instead of args.isEmpty()?
     return jsNumber(args.isEmpty() ? 0 : args[0]->toNumber(exec));
+    return jsNumber(exec, args.isEmpty() ? 0 : args[0]->toNumber(exec));
+}

trunk/JavaScriptCore/kjs/object.cpp

-              r32652
+              r32807
 JSValue *JSObject::get(ExecState *exec, const Identifier &propertyName) const
+{
+  ASSERT(Heap::threadHeap() == Heap::heap(this));
   PropertySlot slot;
 …
 JSValue *JSObject::get(ExecState *exec, unsigned propertyName) const
+{
+  ASSERT(Heap::threadHeap() == Heap::heap(this));
   PropertySlot slot;
   if (const_cast<JSObject *>(this)->getPropertySlot(exec, propertyName, slot))
 …
+{
   ASSERT(value);
+  ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
   if (propertyName == exec->propertyNames().underscoreProto) {
 …
+}
 void JSObject::defineGetter(ExecState*, const Identifier& propertyName, JSObject* getterFunc)
+void JSObject::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunc)
+{
     JSValue *o = getDirect(propertyName);
 …
         gs = static_cast<GetterSetterImp *>(o);
     } else {
         gs = new GetterSetterImp;
+        gs = new (exec) GetterSetterImp;
         putDirect(propertyName, gs, GetterSetter);
+    }
 …
+}
 void JSObject::defineSetter(ExecState*, const Identifier& propertyName, JSObject* setterFunc)
+void JSObject::defineSetter(ExecState* exec, const Identifier& propertyName, JSObject* setterFunc)
+{
     JSValue *o = getDirect(propertyName);
 …
         gs = static_cast<GetterSetterImp *>(o);
     } else {
         gs = new GetterSetterImp;
+        gs = new (exec) GetterSetterImp;
         putDirect(propertyName, gs, GetterSetter);
+    }
 …
+}
 void JSObject::putDirect(const Identifier &propertyName, int value, int attr)
+{
     _prop.put(propertyName, jsNumber(value), attr);
+void JSObject::putDirect(ExecState* exec, const Identifier &propertyName, int value, int attr)
+{
+    _prop.put(propertyName, jsNumber(exec, value), attr);
+}
 …
   List args;
   if (message.isEmpty())
     args.append(jsString(errorNames[errtype]));
+    args.append(jsString(exec, errorNames[errtype]));
   else
     args.append(jsString(message));
+    args.append(jsString(exec, message));
   JSObject *err = static_cast<JSObject *>(cons->construct(exec,args));
   if (lineno != -1)
     err->put(exec, "line", jsNumber(lineno));
+    err->put(exec, "line", jsNumber(exec, lineno));
   if (sourceId != -1)
     err->put(exec, "sourceId", jsNumber(sourceId));
+    err->put(exec, "sourceId", jsNumber(exec, sourceId));
   if(!sourceURL.isNull())
     err->put(exec, "sourceURL", jsString(sourceURL));
+    err->put(exec, "sourceURL", jsString(exec, sourceURL));
   return err;

trunk/JavaScriptCore/kjs/object.h

r32652	r32807
433	433	{ return _prop.getLocation(propertyName); }
434	434	void putDirect(const Identifier &propertyName, JSValue *value, int attr = 0);
435		void putDirect(const Identifier &propertyName, int value, int attr = 0);
	435	void putDirect(ExecState*, const Identifier &propertyName, int value, int attr = 0);
436	436	void removeDirect(const Identifier &propertyName);
437	437

trunk/JavaScriptCore/kjs/object_object.cpp

-              r32652
+              r32807
     : JSObject() // [[Prototype]] is null
+{
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, objectProtoFuncToString), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toLocaleString, objectProtoFuncToLocaleString), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, objectProtoFuncValueOf), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().hasOwnProperty, objectProtoFuncHasOwnProperty), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().propertyIsEnumerable, objectProtoFuncPropertyIsEnumerable), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().isPrototypeOf, objectProtoFuncIsPrototypeOf), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, objectProtoFuncToString), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toLocaleString, objectProtoFuncToLocaleString), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, objectProtoFuncValueOf), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().hasOwnProperty, objectProtoFuncHasOwnProperty), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().propertyIsEnumerable, objectProtoFuncPropertyIsEnumerable), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().isPrototypeOf, objectProtoFuncIsPrototypeOf), DontEnum);
     // Mozilla extensions
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 2, exec->propertyNames().__defineGetter__, objectProtoFuncDefineGetter), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 2, exec->propertyNames().__defineSetter__, objectProtoFuncDefineSetter), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().__lookupGetter__, objectProtoFuncLookupGetter), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().__lookupSetter__, objectProtoFuncLookupSetter), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 2, exec->propertyNames().__defineGetter__, objectProtoFuncDefineGetter), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 2, exec->propertyNames().__defineSetter__, objectProtoFuncDefineSetter), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().__lookupGetter__, objectProtoFuncLookupGetter), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().__lookupSetter__, objectProtoFuncLookupSetter), DontEnum);
+}
 …
 JSValue* objectProtoFuncToLocaleString(ExecState* exec, JSObject* thisObj, const List&)
+{
     return jsString(thisObj->toString(exec));
+    return jsString(exec, thisObj->toString(exec));
+}
 JSValue* objectProtoFuncToString(ExecState*, JSObject* thisObj, const List&)
+JSValue* objectProtoFuncToString(ExecState*exec, JSObject* thisObj, const List&)
+{
     return jsString("[object " + thisObj->className() + "]");
+    return jsString(exec, "[object " + thisObj->className() + "]");
+}
 …
   // no. of arguments for constructor
   putDirect(exec->propertyNames().length, jsNumber(1), ReadOnly|DontDelete|DontEnum);
+  putDirect(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly|DontDelete|DontEnum);
+}
 …
   case NullType:
   case UndefinedType:
       return new JSObject(exec->lexicalGlobalObject()->objectPrototype());
+      return new (exec) JSObject(exec->lexicalGlobalObject()->objectPrototype());
   default:
       ASSERT_NOT_REACHED();

trunk/JavaScriptCore/kjs/property_map.h

-              r32587
+              r32807
     struct PropertyMapEntry;
     struct PropertyMapHashTable;
-    class SavedProperty : Noncopyable {
-    public:
-        // Since we use this in arrays, we allocate it uninitialized
-        // and then explicitly initialize. This means we can allocate
-        // the array without initializing every saved property in the
-        // array twice. To accomplish this, the class uses data members
-        // with types that don't have constructors.
-        SavedProperty();
-        void init(UString::Rep* name, JSValue*, unsigned attributes);
-        ~SavedProperty();
-        UString::Rep* name() const;
-        JSValue* value() const;
-        unsigned attributes() const;
-    private:
-        UString::Rep* m_name;
-        JSValue* m_value;
-        unsigned m_attributes;
-    };
     class PropertyMap : Noncopyable {
 …
+    {
+    }
-    inline SavedProperty::SavedProperty()
-#ifndef NDEBUG
-        : m_name(0)
-        , m_value(0)
-        , m_attributes(0)
-#endif
+    {
+    }
-    inline void SavedProperty::init(UString::Rep* name, JSValue* value, unsigned attributes)
+    {
-        ASSERT(name);
-        ASSERT(value);
-        ASSERT(!m_name);
-        ASSERT(!m_value);
-        ASSERT(!m_attributes);
-        m_name = name;
-        m_value = value;
-        m_attributes = attributes;
-        name->ref();
-        gcProtect(value);
+    }
-    inline SavedProperty::~SavedProperty()
+    {
-        ASSERT(m_name);
-        ASSERT(m_value);
-        m_name->deref();
-        gcUnprotect(m_value);
+    }
-    inline UString::Rep* SavedProperty::name() const
+    {
-        ASSERT(m_name);
-        ASSERT(m_value);
-        return m_name;
+    }
-    inline JSValue* SavedProperty::value() const
+    {
-        ASSERT(m_name);
-        ASSERT(m_value);
-        return m_value;
+    }
-    inline unsigned SavedProperty::attributes() const
+    {
-        ASSERT(m_name);
-        ASSERT(m_value);
-        return m_attributes;
+    }
 } // namespace

trunk/JavaScriptCore/kjs/protect.h

-              r14834
+              r32807
 namespace KJS {
+    inline void gcProtect(JSValue *val)
+    {
+        Collector::protect(val);
+    inline void gcProtect(JSValue* val)
+    {
+        Heap* heap = Heap::heap(val);
+        if (heap)
+            heap->protect(val);
+    }
+    inline void gcUnprotect(JSValue *val)
+    {
+        Collector::unprotect(val);
+    inline void gcUnprotect(JSValue* val)
+    {
+        Heap* heap = Heap::heap(val);
+        if (heap)
+            heap->unprotect(val);
+    }

trunk/JavaScriptCore/kjs/regexp_object.cpp

-              r32652
+              r32807
     : JSObject(objectPrototype)
+{
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().compile, regExpProtoFuncCompile), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().exec, regExpProtoFuncExec), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().test, regExpProtoFuncTest), DontEnum);
     putDirectFunction(new PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, regExpProtoFuncToString), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().compile, regExpProtoFuncCompile), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().exec, regExpProtoFuncExec), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().test, regExpProtoFuncTest), DontEnum);
+    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, regExpProtoFuncToString), DontEnum);
+}
 …
     if (!thisObj->inherits(&RegExpImp::info)) {
         if (thisObj->inherits(&RegExpPrototype::info))
             return jsString("//");
+            return jsString(exec, "//");
         return throwError(exec, TypeError);
+    }
 …
     if (thisObj->get(exec, exec->propertyNames().multiline)->toBoolean(exec))
         result += "m";
     return jsString(result);
+    return jsString(exec, result);
+}
 …
+}
 JSValue* RegExpImp::getValueProperty(ExecState*, int token) const
+JSValue* RegExpImp::getValueProperty(ExecState* exec, int token) const
+{
     switch (token) {
 …
             return jsBoolean(m_regExp->multiline());
         case Source:
             return jsString(m_regExp->pattern());
+            return jsString(exec, m_regExp->pattern());
         case LastIndex:
             return jsNumber(m_lastIndex);
+            return jsNumber(exec, m_lastIndex);
+    }
 …
   // no. of arguments for constructor
   putDirect(exec->propertyNames().length, jsNumber(2), ReadOnly | DontDelete | DontEnum);
+  putDirect(exec->propertyNames().length, jsNumber(exec, 2), ReadOnly | DontDelete | DontEnum);
+}
 …
+{
   unsigned lastNumSubpatterns = d->lastNumSubPatterns;
   ArrayInstance* arr = new ArrayInstance(exec->lexicalGlobalObject()->arrayPrototype(), lastNumSubpatterns + 1);
+  ArrayInstance* arr = new (exec) ArrayInstance(exec->lexicalGlobalObject()->arrayPrototype(), lastNumSubpatterns + 1);
   for (unsigned i = 0; i <= lastNumSubpatterns; ++i) {
     int start = d->lastOvector[2 * i];
     if (start >= 0)
       arr->put(exec, i, jsString(d->lastInput.substr(start, d->lastOvector[2 * i + 1] - start)));
+  }
   arr->put(exec, exec->propertyNames().index, jsNumber(d->lastOvector[0]));
   arr->put(exec, exec->propertyNames().input, jsString(d->lastInput));
+      arr->put(exec, i, jsString(exec, d->lastInput.substr(start, d->lastOvector[2 * i + 1] - start)));
+  }
+  arr->put(exec, exec->propertyNames().index, jsNumber(exec, d->lastOvector[0]));
+  arr->put(exec, exec->propertyNames().input, jsString(exec, d->lastInput));
   return arr;
+}
 JSValue* RegExpObjectImp::getBackref(unsigned i) const
+JSValue* RegExpObjectImp::getBackref(ExecState* exec, unsigned i) const
+{
   if (d->lastOvector && i <= d->lastNumSubPatterns)
     return jsString(d->lastInput.substr(d->lastOvector[2 * i], d->lastOvector[2 * i + 1] - d->lastOvector[2 * i]));
   return jsString("");
+}
 JSValue* RegExpObjectImp::getLastParen() const
+    return jsString(exec, d->lastInput.substr(d->lastOvector[2 * i], d->lastOvector[2 * i + 1] - d->lastOvector[2 * i]));
+  return jsString(exec, "");
+}
+JSValue* RegExpObjectImp::getLastParen(ExecState* exec) const
+{
   unsigned i = d->lastNumSubPatterns;
   if (i > 0) {
     ASSERT(d->lastOvector);
     return jsString(d->lastInput.substr(d->lastOvector[2 * i], d->lastOvector[2 * i + 1] - d->lastOvector[2 * i]));
+  }
   return jsString("");
+}
 JSValue *RegExpObjectImp::getLeftContext() const
+    return jsString(exec, d->lastInput.substr(d->lastOvector[2 * i], d->lastOvector[2 * i + 1] - d->lastOvector[2 * i]));
+  }
+  return jsString(exec, "");
+}
+JSValue *RegExpObjectImp::getLeftContext(ExecState* exec) const
+{
   if (d->lastOvector)
     return jsString(d->lastInput.substr(0, d->lastOvector[0]));
   return jsString("");
+}
 JSValue *RegExpObjectImp::getRightContext() const
+    return jsString(exec, d->lastInput.substr(0, d->lastOvector[0]));
+  return jsString(exec, "");
+}
+JSValue *RegExpObjectImp::getRightContext(ExecState* exec) const
+{
   if (d->lastOvector) {
     UString s = d->lastInput;
     return jsString(s.substr(d->lastOvector[1], s.size() - d->lastOvector[1]));
+  }
   return jsString("");
+    return jsString(exec, s.substr(d->lastOvector[1], s.size() - d->lastOvector[1]));
+  }
+  return jsString(exec, "");
+}
 …
+}
 JSValue *RegExpObjectImp::getValueProperty(ExecState*, int token) const
+JSValue *RegExpObjectImp::getValueProperty(ExecState* exec, int token) const
+{
   switch (token) {
     case Dollar1:
       return getBackref(1);
+      return getBackref(exec, 1);
     case Dollar2:
       return getBackref(2);
+      return getBackref(exec, 2);
     case Dollar3:
       return getBackref(3);
+      return getBackref(exec, 3);
     case Dollar4:
       return getBackref(4);
+      return getBackref(exec, 4);
     case Dollar5:
       return getBackref(5);
+      return getBackref(exec, 5);
     case Dollar6:
       return getBackref(6);
+      return getBackref(exec, 6);
     case Dollar7:
       return getBackref(7);
+      return getBackref(exec, 7);
     case Dollar8:
       return getBackref(8);
+      return getBackref(exec, 8);
     case Dollar9:
       return getBackref(9);
+      return getBackref(exec, 9);
     case Input:
       return jsString(d->lastInput);
+      return jsString(exec, d->lastInput);
     case Multiline:
       return jsBoolean(d->multiline);
     case LastMatch:
       return getBackref(0);
+      return getBackref(exec, 0);
     case LastParen:
       return getLastParen();
+      return getLastParen(exec);
     case LeftContext:
       return getLeftContext();
+      return getLeftContext(exec);
     case RightContext:
       return getRightContext();
+      return getRightContext(exec);
     default:
       ASSERT(0);
+  }
   return jsString("");
+  return jsString(exec, "");
+}
 …
+{
     return regExp->isValid()
         ? new RegExpImp(static_cast<RegExpPrototype*>(exec->lexicalGlobalObject()->regExpPrototype()), regExp)
+        ? new (exec) RegExpImp(static_cast<RegExpPrototype*>(exec->lexicalGlobalObject()->regExpPrototype()), regExp)
         : throwError(exec, SyntaxError, UString("Invalid regular expression: ").append(regExp->errorMessage()));
+}

trunk/JavaScriptCore/kjs/regexp_object.h

-              r30534
+              r32807
     private:
         JSValue* getBackref(unsigned) const;
         JSValue* getLastParen() const;
         JSValue* getLeftContext() const;
         JSValue* getRightContext() const;
+        JSValue* getBackref(ExecState*, unsigned) const;
+        JSValue* getLastParen(ExecState*) const;
+        JSValue* getLeftContext(ExecState*) const;
+        JSValue* getRightContext(ExecState*) const;
         OwnPtr<RegExpObjectImpPrivate> d;

trunk/JavaScriptCore/kjs/string_object.cpp

-              r32652
+              r32807
 const ClassInfo StringInstance::info = { "String", 0, 0, 0 };
 StringInstance::StringInstance(JSObject *proto)
+StringInstance::StringInstance(ExecState* exec, JSObject* proto)
   : JSWrapperObject(proto)
+{
   setInternalValue(jsString(""));
+  setInternalValue(jsString(exec, ""));
+}
 …
+}
 StringInstance::StringInstance(JSObject *proto, const UString &string)
+StringInstance::StringInstance(ExecState* exec, JSObject* proto, const UString &string)
   : JSWrapperObject(proto)
+{
   setInternalValue(jsString(string));
+}
 JSValue *StringInstance::lengthGetter(ExecState*, JSObject*, const Identifier&, const PropertySlot &slot)
+{
     return jsNumber(static_cast<StringInstance*>(slot.slotBase())->internalValue()->value().size());
+}
 JSValue* StringInstance::indexGetter(ExecState*, JSObject*, const Identifier&, const PropertySlot& slot)
+{
     return jsString(static_cast<StringInstance*>(slot.slotBase())->internalValue()->value().substr(slot.index(), 1));
+}
 static JSValue* stringInstanceNumericPropertyGetter(ExecState*, JSObject*, unsigned index, const PropertySlot& slot)
+{
     return jsString(static_cast<StringInstance*>(slot.slotBase())->internalValue()->value().substr(index, 1));
+  setInternalValue(jsString(exec, string));
+}
+JSValue* StringInstance::lengthGetter(ExecState* exec, JSObject*, const Identifier&, const PropertySlot& slot)
+{
+    return jsNumber(exec, static_cast<StringInstance*>(slot.slotBase())->internalValue()->value().size());
+}
+JSValue* StringInstance::indexGetter(ExecState* exec, JSObject*, const Identifier&, const PropertySlot& slot)
+{
+    return jsString(exec, static_cast<StringInstance*>(slot.slotBase())->internalValue()->value().substr(slot.index(), 1));
+}
+static JSValue* stringInstanceNumericPropertyGetter(ExecState* exec, JSObject*, unsigned index, const PropertySlot& slot)
+{
+    return jsString(exec, static_cast<StringInstance*>(slot.slotBase())->internalValue()->value().substr(index, 1));
+}
 …
 // ECMA 15.5.4
 StringPrototype::StringPrototype(ExecState* exec, ObjectPrototype* objProto)
   : StringInstance(objProto)
+  : StringInstance(exec, objProto)
+{
   // The constructor will be added later, after StringObjectImp has been built
   putDirect(exec->propertyNames().length, jsNumber(0), DontDelete | ReadOnly | DontEnum);
+  putDirect(exec->propertyNames().length, jsNumber(exec, 0), DontDelete | ReadOnly | DontEnum);
+}
 …
                 args.append(jsUndefined());
               else
                 args.append(jsString(source.substr(matchStart, matchLen)));
+                args.append(jsString(exec, source.substr(matchStart, matchLen)));
+          }
           args.append(jsNumber(completeMatchStart));
+          args.append(jsNumber(exec, completeMatchStart));
           args.append(sourceVal);
 …
       return sourceVal;
     return jsString(result);
+    return jsString(exec, result);
+  }
 …
       List args;
       args.append(jsString(source.substr(matchPos, matchLen)));
       args.append(jsNumber(matchPos));
+      args.append(jsString(exec, source.substr(matchPos, matchLen)));
+      args.append(jsNumber(exec, matchPos));
       args.append(sourceVal);
 …
+  }
   return jsString(source.substr(0, matchPos) + replacementString + source.substr(matchPos + matchLen));
+  return jsString(exec, source.substr(0, matchPos) + replacementString + source.substr(matchPos + matchLen));
+}
 …
     else
       u = "";
     return jsString(u);
+    return jsString(exec, u);
+}
 …
     double dpos = a0->toInteger(exec);
     if (dpos >= 0 && dpos < len)
       result = jsNumber(s[static_cast<int>(dpos)]);
+      result = jsNumber(exec, s[static_cast<int>(dpos)]);
     else
       result = jsNaN();
+      result = jsNaN(exec);
     return result;
+}
 …
         s += (*it)->toString(exec);
+    }
     return jsString(s);
+    return jsString(exec, s);
+}
 …
     else if (dpos > len)
         dpos = len;
     return jsNumber(s.find(u2, static_cast<int>(dpos)));
+    return jsNumber(exec, s.find(u2, static_cast<int>(dpos)));
+}
 …
     else if (!(dpos <= len)) // true for NaN
         dpos = len;
     return jsNumber(s.rfind(u2, static_cast<int>(dpos)));
+    return jsNumber(exec, s.rfind(u2, static_cast<int>(dpos)));
+}
 …
       int lastIndex = 0;
       while (pos >= 0) {
         list.append(jsString(u.substr(pos, matchLength)));
+        list.append(jsString(exec, u.substr(pos, matchLength)));
         lastIndex = pos;
         pos += matchLength == 0 ? 1 : matchLength;
 …
     int matchLength;
     regExpObj->performMatch(reg.get(), u, 0, pos, matchLength);
     return jsNumber(pos);
+    return jsNumber(exec, pos);
+}
 …
     StringImp* sVal = thisObj->inherits(&StringInstance::info) ?
       static_cast<StringInstance*>(thisObj)->internalValue() :
       static_cast<StringImp*>(jsString(s));
+      static_cast<StringImp*>(jsString(exec, s));
     JSValue* a0 = args[0];
 …
         if (to > len)
             to = len;
         return jsString(s.substr(static_cast<int>(from), static_cast<int>(to - from)));
+    }
     return jsString("");
+        return jsString(exec, s.substr(static_cast<int>(from), static_cast<int>(to - from)));
+    }
+    return jsString(exec, "");
+}
 …
       if (u.isEmpty() && reg->match(u, 0) >= 0) {
         // empty string matched by regexp -> empty array
         res->put(exec, exec->propertyNames().length, jsNumber(0));
+        res->put(exec, exec->propertyNames().length, jsNumber(exec, 0));
         return result;
+      }
 …
         pos = mpos + (mlen == 0 ? 1 : mlen);
         if (mpos != p0 || mlen) {
           res->put(exec,i, jsString(u.substr(p0, mpos-p0)));
+          res->put(exec,i, jsString(exec, u.substr(p0, mpos-p0)));
           p0 = mpos + mlen;
           i++;
 …
             res->put(exec, i++, jsUndefined());
           else
             res->put(exec, i++, jsString(u.substr(spos, ovector[si * 2 + 1] - spos)));
+            res->put(exec, i++, jsString(exec, u.substr(spos, ovector[si * 2 + 1] - spos)));
+        }
+      }
 …
         if (u.isEmpty()) {
           // empty separator matches empty string -> empty array
           res->put(exec, exec->propertyNames().length, jsNumber(0));
+          res->put(exec, exec->propertyNames().length, jsNumber(exec, 0));
           return result;
         } else {
           while (static_cast<uint32_t>(i) != limit && i < u.size()-1)
             res->put(exec, i++, jsString(u.substr(p0++, 1)));
+            res->put(exec, i++, jsString(exec, u.substr(p0++, 1)));
+        }
       } else {
         while (static_cast<uint32_t>(i) != limit && (pos = u.find(u2, p0)) >= 0) {
           res->put(exec, i, jsString(u.substr(p0, pos-p0)));
+          res->put(exec, i, jsString(exec, u.substr(p0, pos - p0)));
           p0 = pos + u2.size();
           i++;
 …
     // add remaining string, if any
     if (static_cast<uint32_t>(i) != limit)
       res->put(exec, i++, jsString(u.substr(p0)));
     res->put(exec, exec->propertyNames().length, jsNumber(i));
+      res->put(exec, i++, jsString(exec, u.substr(p0)));
+    res->put(exec, exec->propertyNames().length, jsNumber(exec, i));
     return result;
+}
 …
     double length = a1->isUndefined() ? len : a1->toInteger(exec);
     if (start >= len)
       return jsString("");
+      return jsString(exec, "");
     if (length < 0)
       return jsString("");
+      return jsString(exec, "");
     if (start < 0) {
       start += len;
 …
     if (length > len)
       length = len;
     return jsString(s.substr(static_cast<int>(start), static_cast<int>(length)));
+    return jsString(exec, s.substr(static_cast<int>(start), static_cast<int>(length)));
+}
 …
       start = temp;
+    }
     return jsString(s.substr((int)start, (int)end-(int)start));
+    return jsString(exec, s.substr((int)start, (int)end-(int)start));
+}
 …
     StringImp* sVal = thisObj->inherits(&StringInstance::info)
         ? static_cast<StringInstance*>(thisObj)->internalValue()
         : static_cast<StringImp*>(jsString(s));
+        : static_cast<StringImp*>(jsString(exec, s));
     int ssize = s.size();
     if (!ssize)
 …
     if (length == ssize && memcmp(buffer.data(), s.data(), length * sizeof(UChar)) == 0)
         return sVal;
     return jsString(UString(buffer.releaseBuffer(), length, false));
+    return jsString(exec, UString(buffer.releaseBuffer(), length, false));
+}
 …
     StringImp* sVal = thisObj->inherits(&StringInstance::info)
         ? static_cast<StringInstance*>(thisObj)->internalValue()
         : static_cast<StringImp*>(jsString(s));
+        : static_cast<StringImp*>(jsString(exec, s));
     int ssize = s.size();
     if (!ssize)
 …
     if (length == ssize && memcmp(buffer.data(), s.data(), length * sizeof(UChar)) == 0)
         return sVal;
     return jsString(UString(buffer.releaseBuffer(), length, false));
+    return jsString(exec, UString(buffer.releaseBuffer(), length, false));
+}
 …
     StringImp* sVal = thisObj->inherits(&StringInstance::info)
         ? static_cast<StringInstance*>(thisObj)->internalValue()
         : static_cast<StringImp*>(jsString(s));
+        : static_cast<StringImp*>(jsString(exec, s));
     int ssize = s.size();
     if (!ssize)
 …
     if (length == ssize && memcmp(buffer.data(), s.data(), length * sizeof(UChar)) == 0)
         return sVal;
     return jsString(UString(buffer.releaseBuffer(), length, false));
+    return jsString(exec, UString(buffer.releaseBuffer(), length, false));
+}
 …
     StringImp* sVal = thisObj->inherits(&StringInstance::info)
         ? static_cast<StringInstance*>(thisObj)->internalValue()
         : static_cast<StringImp*>(jsString(s));
+        : static_cast<StringImp*>(jsString(exec, s));
     int ssize = s.size();
     if (!ssize)
 …
     if (length == ssize && memcmp(buffer.data(), s.data(), length * sizeof(UChar)) == 0)
         return sVal;
     return jsString(UString(buffer.releaseBuffer(), length, false));
+    return jsString(exec, UString(buffer.releaseBuffer(), length, false));
+}
 …
+{
     if (args.size() < 1)
       return jsNumber(0);
     // This optimizes the common case that thisObj is a StringInstance
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     JSValue* a0 = args[0];
     return jsNumber(localeCompare(s, a0->toString(exec)));
+      return jsNumber(exec, 0);
+    // This optimizes the common case that thisObj is a StringInstance
+    UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
+    JSValue* a0 = args[0];
+    return jsNumber(exec, localeCompare(s, a0->toString(exec)));
+}
 …
     // This optimizes the common case that thisObj is a StringInstance
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     return jsString("<big>" + s + "</big>");
+    return jsString(exec, "<big>" + s + "</big>");
+}
 …
     // This optimizes the common case that thisObj is a StringInstance
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     return jsString("<small>" + s + "</small>");
+    return jsString(exec, "<small>" + s + "</small>");
+}
 …
     // This optimizes the common case that thisObj is a StringInstance
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     return jsString("<blink>" + s + "</blink>");
+    return jsString(exec, "<blink>" + s + "</blink>");
+}
 …
     // This optimizes the common case that thisObj is a StringInstance
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     return jsString("<b>" + s + "</b>");
+    return jsString(exec, "<b>" + s + "</b>");
+}
 …
     // This optimizes the common case that thisObj is a StringInstance
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     return jsString("<tt>" + s + "</tt>");
+    return jsString(exec, "<tt>" + s + "</tt>");
+}
 …
     // This optimizes the common case that thisObj is a StringInstance
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     return jsString("<i>" + s + "</i>");
+    return jsString(exec, "<i>" + s + "</i>");
+}
 …
     // This optimizes the common case that thisObj is a StringInstance
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     return jsString("<strike>" + s + "</strike>");
+    return jsString(exec, "<strike>" + s + "</strike>");
+}
 …
     // This optimizes the common case that thisObj is a StringInstance
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     return jsString("<sub>" + s + "</sub>");
+    return jsString(exec, "<sub>" + s + "</sub>");
+}
 …
     // This optimizes the common case that thisObj is a StringInstance
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     return jsString("<sup>" + s + "</sup>");
+    return jsString(exec, "<sup>" + s + "</sup>");
+}
 …
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     JSValue* a0 = args[0];
     return jsString("<font color=\"" + a0->toString(exec) + "\">" + s + "</font>");
+    return jsString(exec, "<font color=\"" + a0->toString(exec) + "\">" + s + "</font>");
+}
 …
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     JSValue* a0 = args[0];
     return jsString("<font size=\"" + a0->toString(exec) + "\">" + s + "</font>");
+    return jsString(exec, "<font size=\"" + a0->toString(exec) + "\">" + s + "</font>");
+}
 …
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     JSValue* a0 = args[0];
     return jsString("<a name=\"" + a0->toString(exec) + "\">" + s + "</a>");
+    return jsString(exec, "<a name=\"" + a0->toString(exec) + "\">" + s + "</a>");
+}
 …
     UString s = thisObj->inherits(&StringInstance::info) ? static_cast<StringInstance*>(thisObj)->internalValue()->value() : thisObj->toString(exec);
     JSValue* a0 = args[0];
     return jsString("<a href=\"" + a0->toString(exec) + "\">" + s + "</a>");
+    return jsString(exec, "<a href=\"" + a0->toString(exec) + "\">" + s + "</a>");
+}
 …
   putDirect(exec->propertyNames().prototype, stringProto, DontEnum|DontDelete|ReadOnly);
   putDirectFunction(new StringObjectFuncImp(exec, funcProto, exec->propertyNames().fromCharCode), DontEnum);
+  putDirectFunction(new (exec) StringObjectFuncImp(exec, funcProto, exec->propertyNames().fromCharCode), DontEnum);
   // no. of arguments for constructor
   putDirect(exec->propertyNames().length, jsNumber(1), ReadOnly|DontDelete|DontEnum);
+  putDirect(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly|DontDelete|DontEnum);
+}
 …
   JSObject *proto = exec->lexicalGlobalObject()->stringPrototype();
   if (args.size() == 0)
     return new StringInstance(proto);
   return new StringInstance(proto, args[0]->toString(exec));
+    return new (exec) StringInstance(exec, proto);
+  return new (exec) StringInstance(exec, proto, args[0]->toString(exec));
+}
 …
+{
   if (args.isEmpty())
     return jsString("");
+    return jsString(exec, "");
   else {
     JSValue *v = args[0];
     return jsString(v->toString(exec));
+    return jsString(exec, v->toString(exec));
+  }
+}
 …
   : InternalFunctionImp(funcProto, name)
+{
   putDirect(exec->propertyNames().length, jsNumber(1), DontDelete|ReadOnly|DontEnum);
+  putDirect(exec->propertyNames().length, jsNumber(exec, 1), DontDelete|ReadOnly|DontEnum);
+}
 …
     s = "";
   return jsString(s);
+  return jsString(exec, s);
+}

trunk/JavaScriptCore/kjs/string_object.h

-              r30534
+              r32807
   class StringInstance : public JSWrapperObject {
   public:
     StringInstance(JSObject *proto);
+    StringInstance(ExecState*, JSObject* proto);
     StringInstance(JSObject *proto, StringImp*);
     StringInstance(JSObject *proto, const UString&);
+    StringInstance(ExecState*, JSObject* proto, const UString&);
     virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
 …
   class StringInstanceThatMasqueradesAsUndefined : public StringInstance {
   public:
       StringInstanceThatMasqueradesAsUndefined(JSObject* proto, const UString& string)
           : StringInstance(proto, string) { }
+      StringInstanceThatMasqueradesAsUndefined(ExecState* exec, JSObject* proto, const UString& string)
+          : StringInstance(exec, proto, string) { }
       virtual bool masqueradeAsUndefined() const { return true; }
       virtual bool toBoolean(ExecState*) const { return false; }

trunk/JavaScriptCore/kjs/testkjs.cpp

-              r31404
+              r32807
 GlobalObject::GlobalObject(Vector<UString>& arguments)
+{
     putDirectFunction(new PrototypeFunction(globalExec(), functionPrototype(), 1, "debug", functionDebug));
     putDirectFunction(new PrototypeFunction(globalExec(), functionPrototype(), 1, "print", functionPrint));
     putDirectFunction(new PrototypeFunction(globalExec(), functionPrototype(), 0, "quit", functionQuit));
     putDirectFunction(new PrototypeFunction(globalExec(), functionPrototype(), 0, "gc", functionGC));
     putDirectFunction(new PrototypeFunction(globalExec(), functionPrototype(), 1, "version", functionVersion));
     putDirectFunction(new PrototypeFunction(globalExec(), functionPrototype(), 1, "run", functionRun));
     putDirectFunction(new PrototypeFunction(globalExec(), functionPrototype(), 1, "load", functionLoad));
     putDirectFunction(new PrototypeFunction(globalExec(), functionPrototype(), 0, "readline", functionReadline));
+    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, "debug", functionDebug));
+    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, "print", functionPrint));
+    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 0, "quit", functionQuit));
+    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 0, "gc", functionGC));
+    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, "version", functionVersion));
+    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, "run", functionRun));
+    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, "load", functionLoad));
+    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 0, "readline", functionReadline));
     JSObject* array = arrayConstructor()->construct(globalExec(), globalExec()->emptyList());
     for (size_t i = 0; i < arguments.size(); ++i)
         array->put(globalExec(), i, jsString(arguments[i]));
+        array->put(globalExec(), i, jsString(globalExec(), arguments[i]));
     putDirect("arguments", array);
 …
+}
 JSValue* functionGC(ExecState*, JSObject*, const List&)
+JSValue* functionGC(ExecState* exec, JSObject*, const List&)
+{
     JSLock lock;
     Collector::collect();
+    exec->heap()->collect();
     return jsUndefined();
+}
 …
     stopWatch.stop();
     return jsNumber(stopWatch.getElapsedMS());
+    return jsNumber(exec, stopWatch.getElapsedMS());
+}
 …
+}
 JSValue* functionReadline(ExecState*, JSObject*, const List&)
+JSValue* functionReadline(ExecState* exec, JSObject*, const List&)
+{
     Vector<char, 256> line;
 …
+    }
     line.append('\0');
     return jsString(line.data());
+    return jsString(exec, line.data());
+}
 …
 #ifndef NDEBUG
     Collector::collect();
+    Heap::threadHeap()->collect();
 #endif

trunk/JavaScriptCore/kjs/ustring.h

r32609	r32807
397	397	// FIXME: this should be size_t but that would cause warnings until we
398	398	// fix UString sizes to be size_t instead of int
399		static const int minShareSize = ~~Collector~~::minExtraCostSize / sizeof(UChar);
	399	static const int minShareSize = Heap::minExtraCostSize / sizeof(UChar);
400	400
401	401	inline size_t UString::cost() const

trunk/JavaScriptCore/kjs/value.cpp

-              r29243
+              r32807
 static const double D32 = 4294967296.0;
 void *JSCell::operator new(size_t size)
+{
     return Collector::allocate(size);
+void* JSCell::operator new(size_t size, ExecState* exec)
+{
+    return exec->heap()->allocate(size);
+}
 …
+}
 JSCell* jsString(const char* s)
+{
     return new StringImp(s ? s : "");
+}
 JSCell* jsString(const UString& s)
+{
     return s.isNull() ? new StringImp("") : new StringImp(s);
+}
 JSCell* jsOwnedString(const UString& s)
+{
     return s.isNull() ? new StringImp("", StringImp::HasOtherOwner) : new StringImp(s, StringImp::HasOtherOwner);
+JSCell* jsString(ExecState* exec, const char* s)
+{
+    return new (exec) StringImp(s ? s : "");
+}
+JSCell* jsString(ExecState* exec, const UString& s)
+{
+    return s.isNull() ? new (exec) StringImp("") : new (exec) StringImp(s);
+}
+JSCell* jsOwnedString(ExecState* exec, const UString& s)
+{
+    return s.isNull() ? new (exec) StringImp("", StringImp::HasOtherOwner) : new (exec) StringImp(s, StringImp::HasOtherOwner);
+}
 // This method includes a PIC branch to set up the NumberImp's vtable, so we quarantine
 // it in a separate function to keep the normal case speedy.
 JSValue *jsNumberCell(double d)
+{
     return new NumberImp(d);
+JSValue* jsNumberCell(ExecState* exec, double d)
+{
+    return new (exec) NumberImp(d);
+}

trunk/JavaScriptCore/kjs/value.h

-              r31208
+              r32807
 class JSValue : Noncopyable {
     friend class JSCell; // so it can derive from this class
     friend class Collector; // so it can call asCell()
+    friend class Heap; // so it can call asCell()
 private:
 …
 class JSCell : public JSValue {
     friend class Collector;
+    friend class Heap;
     friend class NumberImp;
     friend class StringImp;
 …
     // Garbage collection.
     void *operator new(size_t);
+    void* operator new(size_t, ExecState*);
     virtual void mark();
     bool marked() const;
 };
 JSValue *jsNumberCell(double);
 JSCell *jsString(const UString&); // returns empty string if passed null string
 JSCell *jsString(const char* = ""); // returns empty string if passed 0
+JSValue* jsNumberCell(ExecState*, double);
+JSCell* jsString(ExecState*, const UString&); // returns empty string if passed null string
+JSCell* jsString(ExecState*, const char* = ""); // returns empty string if passed 0
 // should be used for strings that are owned by an object that will
 // likely outlive the JSValue this makes, such as the parse tree or a
 // DOM object that contains a UString
 JSCell *jsOwnedString(const UString&);
+JSCell* jsOwnedString(ExecState*, const UString&);
 extern const double NaN;
 …
+}
 inline JSValue *jsNaN()
+{
     return jsNumberCell(NaN);
+inline JSValue* jsNaN(ExecState* exec)
+{
+    return jsNumberCell(exec, NaN);
+}
 …
+}
 ALWAYS_INLINE JSValue* jsNumber(double d)
+ALWAYS_INLINE JSValue* jsNumber(ExecState* exec, double d)
+{
     JSValue* v = JSImmediate::from(d);
     return v ? v : jsNumberCell(d);
+}
 ALWAYS_INLINE JSValue* jsNumber(int i)
+    return v ? v : jsNumberCell(exec, d);
+}
+ALWAYS_INLINE JSValue* jsNumber(ExecState* exec, int i)
+{
     JSValue* v = JSImmediate::from(i);
     return v ? v : jsNumberCell(i);
+}
 ALWAYS_INLINE JSValue* jsNumber(unsigned i)
+    return v ? v : jsNumberCell(exec, i);
+}
+ALWAYS_INLINE JSValue* jsNumber(ExecState* exec, unsigned i)
+{
     JSValue* v = JSImmediate::from(i);
     return v ? v : jsNumberCell(i);
+}
 ALWAYS_INLINE JSValue* jsNumber(long i)
+    return v ? v : jsNumberCell(exec, i);
+}
+ALWAYS_INLINE JSValue* jsNumber(ExecState* exec, long i)
+{
     JSValue* v = JSImmediate::from(i);
     return v ? v : jsNumberCell(i);
+}
 ALWAYS_INLINE JSValue* jsNumber(unsigned long i)
+    return v ? v : jsNumberCell(exec, i);
+}
+ALWAYS_INLINE JSValue* jsNumber(ExecState* exec, unsigned long i)
+{
     JSValue* v = JSImmediate::from(i);
     return v ? v : jsNumberCell(i);
+}
 ALWAYS_INLINE JSValue* jsNumber(long long i)
+    return v ? v : jsNumberCell(exec, i);
+}
+ALWAYS_INLINE JSValue* jsNumber(ExecState* exec, long long i)
+{
     JSValue* v = JSImmediate::from(i);
     return v ? v : jsNumberCell(static_cast<double>(i));
+}
 ALWAYS_INLINE JSValue* jsNumber(unsigned long long i)
+    return v ? v : jsNumberCell(exec, static_cast<double>(i));
+}
+ALWAYS_INLINE JSValue* jsNumber(ExecState* exec, unsigned long long i)
+{
     JSValue* v = JSImmediate::from(i);
     return v ? v : jsNumberCell(static_cast<double>(i));
+    return v ? v : jsNumberCell(exec, static_cast<double>(i));
+}
 …
     if (JSImmediate::areBothImmediateNumbers(v1, v2))
         return JSImmediate::andImmediateNumbers(v1, v2);
     return jsNumber(v1->toInt32(exec) & v2->toInt32(exec));
+    return jsNumber(exec, v1->toInt32(exec) & v2->toInt32(exec));
+}
 …
 inline bool JSCell::marked() const
+{
     return Collector::isCellMarked(this);
+    return Heap::isCellMarked(this);
+}
 inline void JSCell::mark()
+{
     return Collector::markCell(this);
+    return Heap::markCell(this);
+}
 …
 ALWAYS_INLINE JSValue* JSValue::toJSNumber(ExecState* exec) const
+{
     return JSImmediate::isNumber(this) ? const_cast<JSValue*>(this) : jsNumber(this->toNumber(exec));
+    return JSImmediate::isNumber(this) ? const_cast<JSValue*>(this) : jsNumber(exec, this->toNumber(exec));
+}

trunk/JavaScriptCore/wtf/ThreadSpecific.h

r32000	r32807
110	110	T* ptr = static_cast<T*>(get());
111	111	if (!ptr) {
112		ptr = new T;
	112	ptr = new T();
113	113	set(ptr);
114	114	}

Context Navigation

Changeset 32807 in webkit for trunk/JavaScriptCore

Legend:

Download in other formats: