Changeset 35807 in webkit

Timestamp:

Aug 17, 2008, 1:23:49 PM (17 years ago)

Author:

[email protected]

Message:

JavaScriptCore:

2008-08-17 Geoffrey Garen <​[email protected]>

Reviewed by Cameron Zwarich.

Made room for a free word in JSCell.

SunSpider says no change.

I changed JSCallbackObjectData, Arguments, JSArray, and RegExpObject to
store auxiliary data in a secondary structure.

I changed InternalFunction to store the function's name in the property
map.

I changed JSGlobalObjectData to use a virtual destructor, so WebCore's
JSDOMWindowBaseData could inherit from it safely. (It's a strange design
for JSDOMWindowBase to allocate an object that JSGlobalObject deletes,
but that's really our only option, given the size constraint.)

I also added a bunch of compile-time ASSERTs, and removed lots of comments
in JSObject.h because they were often out of date, and they got in the
way of reading what was actually going on.

Also renamed JSArray::getLength to JSArray::length, to match our style
guidelines.

WebCore:

2008-08-17 Geoffrey Garen <​[email protected]>

Reviewed by Cameron Zwarich.

Made room for a free word in JSCell.

Changed JSDOMWindowBase to store its auxiliary data in a subclass of
JSGlobalData, so the two could share a pointer.

Added a bunch of ASSERTs, to help catch over-sized objects.

WebKit/mac:

2008-08-17 Geoffrey Garen <​[email protected]>

Reviewed by Cameron Zwarich.

Made room for a free word in JSCell.

(Updated for JavaScriptCore changes.)

Location:

trunk

Files:

• JavaScriptCore/API/JSCallbackFunction.cpp (modified) (1 diff)
• JavaScriptCore/API/JSCallbackObject.cpp (modified) (1 diff)
• JavaScriptCore/API/JSCallbackObject.h (modified) (2 diffs)
• JavaScriptCore/API/JSCallbackObjectFunctions.h (modified) (22 diffs)
• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.exp (modified) (2 diffs)
• JavaScriptCore/VM/JSPropertyNameIterator.cpp (modified) (1 diff)
• JavaScriptCore/VM/Machine.cpp (modified) (3 diffs)
• JavaScriptCore/kjs/Arguments.cpp (modified) (7 diffs)
• JavaScriptCore/kjs/Arguments.h (modified) (1 diff)
• JavaScriptCore/kjs/ArrayConstructor.cpp (modified) (1 diff)
• JavaScriptCore/kjs/ArrayPrototype.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/BooleanConstructor.cpp (modified) (1 diff)
• JavaScriptCore/kjs/BooleanObject.cpp (modified) (1 diff)
• JavaScriptCore/kjs/BooleanPrototype.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/DateConstructor.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/DatePrototype.cpp (modified) (1 diff)
• JavaScriptCore/kjs/DebuggerCallFrame.cpp (modified) (1 diff)
• JavaScriptCore/kjs/DebuggerCallFrame.h (modified) (3 diffs)
• JavaScriptCore/kjs/ErrorConstructor.cpp (modified) (1 diff)
• JavaScriptCore/kjs/ErrorPrototype.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/FunctionConstructor.cpp (modified) (1 diff)
• JavaScriptCore/kjs/FunctionPrototype.cpp (modified) (3 diffs)
• JavaScriptCore/kjs/GlobalEvalFunction.cpp (modified) (1 diff)
• JavaScriptCore/kjs/InternalFunction.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/InternalFunction.h (modified) (1 diff)
• JavaScriptCore/kjs/JSActivation.cpp (modified) (1 diff)
• JavaScriptCore/kjs/JSArray.cpp (modified) (17 diffs)
• JavaScriptCore/kjs/JSArray.h (modified) (3 diffs)
• JavaScriptCore/kjs/JSCell.h (modified) (1 diff)
• JavaScriptCore/kjs/JSFunction.cpp (modified) (6 diffs)
• JavaScriptCore/kjs/JSFunction.h (modified) (1 diff)
• JavaScriptCore/kjs/JSGlobalObject.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/JSGlobalObject.h (modified) (2 diffs)
• JavaScriptCore/kjs/JSNotAnObject.cpp (modified) (1 diff)
• JavaScriptCore/kjs/JSObject.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/JSObject.h (modified) (5 diffs)
• JavaScriptCore/kjs/JSStaticScopeObject.cpp (modified) (1 diff)
• JavaScriptCore/kjs/JSWrapperObject.cpp (modified) (1 diff)
• JavaScriptCore/kjs/MathObject.cpp (modified) (1 diff)
• JavaScriptCore/kjs/NativeErrorConstructor.cpp (modified) (1 diff)
• JavaScriptCore/kjs/NativeErrorPrototype.cpp (modified) (1 diff)
• JavaScriptCore/kjs/NumberConstructor.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/NumberObject.cpp (modified) (1 diff)
• JavaScriptCore/kjs/NumberPrototype.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/ObjectConstructor.cpp (modified) (1 diff)
• JavaScriptCore/kjs/ObjectPrototype.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/PrototypeFunction.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/RegExpConstructor.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/RegExpObject.cpp (modified) (5 diffs)
• JavaScriptCore/kjs/RegExpObject.h (modified) (3 diffs)
• JavaScriptCore/kjs/RegExpPrototype.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/Shell.cpp (modified) (1 diff)
• JavaScriptCore/kjs/StringConstructor.cpp (modified) (2 diffs)
• JavaScriptCore/kjs/StringObject.cpp (modified) (1 diff)
• JavaScriptCore/kjs/StringPrototype.cpp (modified) (1 diff)
• JavaScriptCore/kjs/collector.h (modified) (1 diff)
• JavaScriptCore/profiler/Profiler.cpp (modified) (7 diffs)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/WebCore.xcodeproj/project.pbxproj (modified) (1 diff)
• WebCore/bindings/js/JSDOMWindowBase.cpp (modified) (21 diffs)
• WebCore/bindings/js/JSDOMWindowBase.h (modified) (3 diffs)
• WebCore/bindings/js/JSDOMWindowCustom.h (modified) (2 diffs)
• WebCore/bindings/js/JSDOMWindowShell.cpp (modified) (1 diff)
• WebCore/bindings/js/JSEventListener.cpp (modified) (1 diff)
• WebCore/bindings/js/JSEventTargetNode.cpp (modified) (1 diff)
• WebCore/bindings/js/JSHTMLInputElementBase.cpp (modified) (1 diff)
• WebCore/bindings/js/JSHTMLOptionElementConstructor.cpp (modified) (1 diff)
• WebCore/bindings/js/JSImageConstructor.cpp (modified) (1 diff)
• WebCore/bindings/js/JSInspectedObjectWrapper.cpp (modified) (1 diff)
• WebCore/bindings/js/JSInspectorCallbackWrapper.cpp (modified) (1 diff)
• WebCore/bindings/js/JSNSResolver.cpp (modified) (1 diff)
• WebCore/bindings/js/JSNamedNodesCollection.cpp (modified) (6 diffs)
• WebCore/bindings/js/JSNamedNodesCollection.h (modified) (1 diff)
• WebCore/bindings/js/JSNodeFilterCondition.cpp (modified) (1 diff)
• WebCore/bindings/js/JSQuarantinedObjectWrapper.cpp (modified) (1 diff)
• WebCore/bindings/js/JSRGBColor.cpp (modified) (1 diff)
• WebCore/bindings/js/JSXMLHttpRequestConstructor.cpp (modified) (1 diff)
• WebCore/bindings/js/JSXSLTProcessorConstructor.cpp (modified) (1 diff)
• WebCore/bindings/scripts/CodeGeneratorJS.pm (modified) (1 diff)
• WebCore/bridge/jni/jni_utility.cpp (modified) (1 diff)
• WebCore/bridge/runtime_method.cpp (modified) (1 diff)
• WebKit/mac/ChangeLog (modified) (1 diff)
• WebKit/mac/WebView/WebScriptDebugger.mm (modified) (1 diff)
• WebKit/mac/WebView/WebView.mm (modified) (1 diff)

trunk/JavaScriptCore/API/JSCallbackFunction.cpp

@@ -37 +37 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(JSCallbackFunction);
+
 const ClassInfo JSCallbackFunction::info = { "CallbackFunction", &InternalFunction::info, 0, 0 };
 
 JSCallbackFunction::JSCallbackFunction(ExecState* exec, JSObjectCallAsFunctionCallback callback, const Identifier& name)
-    : InternalFunction(exec->lexicalGlobalObject()->functionPrototype(), name)
+    : InternalFunction(exec, exec->lexicalGlobalObject()->functionPrototype(), name)
     , m_callback(callback)
 {

trunk/JavaScriptCore/API/JSCallbackObject.cpp

@@ -33 +33 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(JSCallbackObject<JSObject>);
+ASSERT_CLASS_FITS_IN_CELL(JSCallbackObject<JSGlobalObject>);
+
 // Define the two types of JSCallbackObjects we support.
 template <> const ClassInfo JSCallbackObject<JSObject>::info = { "CallbackObject", 0, 0, 0 };
 template <> const ClassInfo JSCallbackObject<JSGlobalObject>::info = { "CallbackGlobalObject", 0, 0, 0 };
 
-COMPILE_ASSERT(sizeof(JSCallbackObject<JSGlobalObject>) <= CELL_SIZE, global_callback_object_fits_in_cell);
-
 } // namespace KJS

trunk/JavaScriptCore/API/JSCallbackObject.h

@@ -47 +47 @@
     static const ClassInfo info;
 
-    JSClassRef classRef() const { return m_class; }
+    JSClassRef classRef() const { return m_callbackObjectData->jsClass; }
     bool inherits(JSClassRef) const;
 
@@ -83 +83 @@
     static JSValue* staticFunctionGetter(ExecState*, const Identifier&, const PropertySlot&);
     static JSValue* callbackGetter(ExecState*, const Identifier&, const PropertySlot&);
+
+    struct JSCallbackObjectData {
+        JSCallbackObjectData(void* privateData_, JSClassRef jsClass_)
+            : privateData(privateData_)
+            , jsClass(jsClass_)
+        {
+            JSClassRetain(jsClass);
+        }
+        
+        ~JSCallbackObjectData()
+        {
+            JSClassRelease(jsClass);
+        }
+        
+        void* privateData;
+        JSClassRef jsClass;
+    };
     
-    void* m_privateData;
-    JSClassRef m_class;
+    OwnPtr<JSCallbackObjectData> m_callbackObjectData;
 };
 

trunk/JavaScriptCore/API/JSCallbackObjectFunctions.h

@@ -43 +43 @@
 JSCallbackObject<Base>::JSCallbackObject(ExecState* exec, JSClassRef jsClass, JSValue* prototype, void* data)
     : Base(prototype)
-    , m_privateData(data)
-    , m_class(JSClassRetain(jsClass))
+    , m_callbackObjectData(new JSCallbackObjectData(data, jsClass))
 {
     init(exec);
@@ -53 +52 @@
 template <class Base>
 JSCallbackObject<Base>::JSCallbackObject(JSClassRef jsClass)
-    : m_privateData(0)
-    , m_class(JSClassRetain(jsClass))
+    : m_callbackObjectData(new JSCallbackObjectData(0, jsClass))
 {
     ASSERT(Base::isGlobalObject());
@@ -66 +64 @@
     
     Vector<JSObjectInitializeCallback, 16> initRoutines;
-    JSClassRef jsClass = m_class;
+    JSClassRef jsClass = classRef();
     do {
         if (JSObjectInitializeCallback initialize = jsClass->initialize)
@@ -84 +82 @@
     JSObjectRef thisRef = toRef(this);
     
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass)
-        if (JSObjectFinalizeCallback finalize = jsClass->finalize) {
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass)
+        if (JSObjectFinalizeCallback finalize = jsClass->finalize)
             finalize(thisRef);
-        }
-            
-    JSClassRelease(m_class);
 }
 
@@ -95 +90 @@
 UString JSCallbackObject<Base>::className() const
 {
-    UString thisClassName = m_class->className();
+    UString thisClassName = classRef()->className();
     if (!thisClassName.isNull())
         return thisClassName;
@@ -109 +104 @@
     RefPtr<OpaqueJSString> propertyNameRef;
     
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass) {
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
         // optional optimization to bypass getProperty in cases when we only need to know if the property exists
         if (JSObjectHasPropertyCallback hasProperty = jsClass->hasProperty) {
@@ -162 +157 @@
     JSValueRef valueRef = toRef(value);
     
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass) {
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
         if (JSObjectSetPropertyCallback setProperty = jsClass->setProperty) {
             if (!propertyNameRef)
@@ -210 +205 @@
     RefPtr<OpaqueJSString> propertyNameRef;
     
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass) {
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
         if (JSObjectDeletePropertyCallback deleteProperty = jsClass->deleteProperty) {
             if (!propertyNameRef)
@@ -247 +242 @@
 ConstructType JSCallbackObject<Base>::getConstructData(ConstructData& constructData)
 {
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass) {
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
         if (jsClass->callAsConstructor) {
             constructData.native.function = construct;
@@ -279 +274 @@
 bool JSCallbackObject<Base>::implementsHasInstance() const
 {
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass)
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass)
         if (jsClass->hasInstance)
             return true;
@@ -292 +287 @@
     JSObjectRef thisRef = toRef(this);
     
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass) {
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
         if (JSObjectHasInstanceCallback hasInstance = jsClass->hasInstance)
             return hasInstance(execRef, thisRef, toRef(value), toRef(exec->exceptionSlot()));
@@ -303 +298 @@
 CallType JSCallbackObject<Base>::getCallData(CallData& callData)
 {
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass) {
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
         if (jsClass->callAsFunction) {
             callData.native.function = call;
@@ -319 +314 @@
     JSObjectRef thisObjRef = toRef(thisValue->toThisObject(exec));
     
-    for (JSClassRef jsClass = static_cast<JSCallbackObject<Base>*>(functionObject)->m_class; jsClass; jsClass = jsClass->parentClass) {
+    for (JSClassRef jsClass = static_cast<JSCallbackObject<Base>*>(functionObject)->classRef(); jsClass; jsClass = jsClass->parentClass) {
         if (JSObjectCallAsFunctionCallback callAsFunction = jsClass->callAsFunction) {
             int argumentCount = static_cast<int>(args.size());
@@ -339 +334 @@
     JSObjectRef thisRef = toRef(this);
     
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass) {
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
         if (JSObjectGetPropertyNamesCallback getPropertyNames = jsClass->getPropertyNames)
             getPropertyNames(execRef, thisRef, toRef(&propertyNames));
@@ -380 +375 @@
     JSObjectRef thisRef = toRef(this);
     
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass)
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass)
         if (JSObjectConvertToTypeCallback convertToType = jsClass->convertToType) {
             if (JSValueRef value = convertToType(ctx, thisRef, kJSTypeNumber, toRef(exec->exceptionSlot())))
@@ -395 +390 @@
     JSObjectRef thisRef = toRef(this);
     
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass)
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass)
         if (JSObjectConvertToTypeCallback convertToType = jsClass->convertToType) {
             JSValueRef value = convertToType(ctx, thisRef, kJSTypeString, toRef(exec->exceptionSlot()));
@@ -408 +403 @@
 void JSCallbackObject<Base>::setPrivate(void* data)
 {
-    m_privateData = data;
+    m_callbackObjectData->privateData = data;
 }
 
@@ -414 +409 @@
 void* JSCallbackObject<Base>::getPrivate()
 {
-    return m_privateData;
+    return m_callbackObjectData->privateData;
 }
 
@@ -420 +415 @@
 bool JSCallbackObject<Base>::inherits(JSClassRef c) const
 {
-    for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass)
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass)
         if (jsClass == c)
             return true;
@@ -444 +439 @@
     RefPtr<OpaqueJSString> propertyNameRef;
     
-    for (JSClassRef jsClass = thisObj->m_class; jsClass; jsClass = jsClass->parentClass)
+    for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass)
         if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec))
             if (StaticValueEntry* entry = staticValues->get(propertyName.ustring().rep()))
@@ -468 +463 @@
         return slot2.getValue(exec, propertyName);
     
-    for (JSClassRef jsClass = thisObj->m_class; jsClass; jsClass = jsClass->parentClass) {
+    for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) {
         if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
             if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.ustring().rep())) {
@@ -492 +487 @@
     RefPtr<OpaqueJSString> propertyNameRef;
     
-    for (JSClassRef jsClass = thisObj->m_class; jsClass; jsClass = jsClass->parentClass)
+    for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass)
         if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) {
             if (!propertyNameRef)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2008-08-17  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Cameron Zwarich.
+
+        Made room for a free word in JSCell.
+        
+        SunSpider says no change.
+        
+        I changed JSCallbackObjectData, Arguments, JSArray, and RegExpObject to
+        store auxiliary data in a secondary structure.
+
+        I changed InternalFunction to store the function's name in the property
+        map.
+        
+        I changed JSGlobalObjectData to use a virtual destructor, so WebCore's
+        JSDOMWindowBaseData could inherit from it safely. (It's a strange design
+        for JSDOMWindowBase to allocate an object that JSGlobalObject deletes,
+        but that's really our only option, given the size constraint.)
+        
+        I also added a bunch of compile-time ASSERTs, and removed lots of comments
+        in JSObject.h because they were often out of date, and they got in the
+        way of reading what was actually going on.
+        
+        Also renamed JSArray::getLength to JSArray::length, to match our style
+        guidelines.
+
 2008-08-16  Geoffrey Garen  <[email protected]>
 

trunk/JavaScriptCore/JavaScriptCore.exp

@@ -132 +132 @@
 __ZN3KJS14constructArrayEPNS_9ExecStateERKNS_7ArgListE
 __ZN3KJS15JSWrapperObject4markEv
-__ZN3KJS16InternalFunction14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
-__ZN3KJS16InternalFunction18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
-__ZN3KJS16InternalFunction3putEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueE
 __ZN3KJS16InternalFunction4infoE
-__ZN3KJS16InternalFunctionC2EPNS_17FunctionPrototypeERKNS_10IdentifierE
+__ZN3KJS16InternalFunctionC2EPNS_9ExecStateEPNS_17FunctionPrototypeERKNS_10IdentifierE
 __ZN3KJS16JSVariableObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
 __ZN3KJS16JSVariableObject16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
@@ -209 +206 @@
 __ZN3KJS8JSObject14deletePropertyEPNS_9ExecStateEj
 __ZN3KJS8JSObject16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
-__ZN3KJS8JSObject17putDirectFunctionEPNS_16InternalFunctionEj
+__ZN3KJS8JSObject17putDirectFunctionEPNS_9ExecStateEPNS_16InternalFunctionEj
 __ZN3KJS8JSObject17putWithAttributesEPNS_9ExecStateERKNS_10IdentifierEPNS_7JSValueEj
 __ZN3KJS8JSObject17putWithAttributesEPNS_9ExecStateEjPNS_7JSValueEj

trunk/JavaScriptCore/VM/JSPropertyNameIterator.cpp

@@ -37 +37 @@
 namespace KJS {
 
-COMPILE_ASSERT(sizeof(JSPropertyNameIterator) <= CellSize<sizeof(void*)>::m_value, JSPropertyNameIteratorSizeASSERT);
+ASSERT_CLASS_FITS_IN_CELL(JSPropertyNameIterator);
 
 JSPropertyNameIterator* JSPropertyNameIterator::create(ExecState* exec, JSValue* v)

trunk/JavaScriptCore/VM/Machine.cpp

@@ -646 +646 @@
 
     if (Debugger* debugger = exec->dynamicGlobalObject()->debugger()) {
-        DebuggerCallFrame debuggerCallFrame(exec->dynamicGlobalObject(), codeBlock, scopeChain, r, exceptionValue);
+        DebuggerCallFrame debuggerCallFrame(exec, exec->dynamicGlobalObject(), codeBlock, scopeChain, r, exceptionValue);
         if (callFrame[RegisterFile::Callee].jsValue(exec))
             debugger->returnEvent(debuggerCallFrame, codeBlock->ownerNode->sourceId(), codeBlock->ownerNode->lastLine());
@@ -724 +724 @@
 
     if (Debugger* debugger = exec->dynamicGlobalObject()->debugger()) {
-        DebuggerCallFrame debuggerCallFrame(exec->dynamicGlobalObject(), codeBlock, scopeChain, r, exceptionValue);
+        DebuggerCallFrame debuggerCallFrame(exec, exec->dynamicGlobalObject(), codeBlock, scopeChain, r, exceptionValue);
         debugger->exception(debuggerCallFrame, codeBlock->ownerNode->sourceId(), codeBlock->lineNumberForVPC(vPC));
     }
@@ -956 +956 @@
         return;
 
-    DebuggerCallFrame debuggerCallFrame(exec->dynamicGlobalObject(), codeBlock, scopeChain, r, 0);
+    DebuggerCallFrame debuggerCallFrame(exec, exec->dynamicGlobalObject(), codeBlock, scopeChain, r, 0);
 
     switch((DebugHookID)debugHookID) {

trunk/JavaScriptCore/kjs/Arguments.cpp

@@ -33 +33 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(Arguments);
+
 const ClassInfo Arguments::info = { "Arguments", 0, 0, 0 };
 
@@ -38 +40 @@
 Arguments::Arguments(ExecState* exec, JSFunction* function, const ArgList& args, JSActivation* activation)
     : JSObject(exec->lexicalGlobalObject()->objectPrototype())
-    , m_activationObject(activation)
-    , m_indexToNameMap(function, args)
+    , d(new ArgumentsData(activation, function, args))
 {
+    ASSERT(activation);
+
     putDirect(exec->propertyNames().callee, function, DontEnum);
     putDirect(exec, exec->propertyNames().length, args.size(), DontEnum);
@@ -48 +51 @@
     for (ArgList::const_iterator it = args.begin(); it != end; ++it, ++i) {
         Identifier name = Identifier::from(exec, i);
-        if (!m_indexToNameMap.isMapped(name))
+        if (!d->indexToNameMap.isMapped(name))
             putDirect(name, (*it).jsValue(exec), DontEnum);
     }
@@ -56 +59 @@
 {
     JSObject::mark();
-    if (m_activationObject && !m_activationObject->marked())
-        m_activationObject->mark();
+    if (!d->activation->marked())
+        d->activation->mark();
 }
 
@@ -63 +66 @@
 {
       Arguments* thisObj = static_cast<Arguments*>(slot.slotBase());
-      return thisObj->m_activationObject->get(exec, thisObj->m_indexToNameMap[propertyName]);
+      return thisObj->d->activation->get(exec, thisObj->d->indexToNameMap[propertyName]);
 }
 
 bool Arguments::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
 {
-    if (m_indexToNameMap.isMapped(propertyName)) {
+    if (d->indexToNameMap.isMapped(propertyName)) {
         slot.setCustom(this, mappedIndexGetter);
         return true;
@@ -78 +81 @@
 void Arguments::put(ExecState* exec, const Identifier& propertyName, JSValue* value)
 {
-    if (m_indexToNameMap.isMapped(propertyName))
-        m_activationObject->put(exec, m_indexToNameMap[propertyName], value);
+    if (d->indexToNameMap.isMapped(propertyName))
+        d->activation->put(exec, d->indexToNameMap[propertyName], value);
     else
         JSObject::put(exec, propertyName, value);
@@ -86 +89 @@
 bool Arguments::deleteProperty(ExecState* exec, const Identifier& propertyName) 
 {
-    if (m_indexToNameMap.isMapped(propertyName)) {
-        m_indexToNameMap.unMap(exec, propertyName);
+    if (d->indexToNameMap.isMapped(propertyName)) {
+        d->indexToNameMap.unMap(exec, propertyName);
         return true;
     }

trunk/JavaScriptCore/kjs/Arguments.h

@@ -48 +48 @@
         static JSValue* mappedIndexGetter(ExecState*, const Identifier&, const PropertySlot& slot);
 
-        JSActivation* m_activationObject;
-        mutable IndexToNameMap m_indexToNameMap;
+        struct ArgumentsData {
+            ArgumentsData(JSActivation* activation_, JSFunction* function_, const ArgList& args_)
+                : activation(activation_)
+                , indexToNameMap(function_, args_)
+            {
+            }
+
+            JSActivation* activation;
+            mutable IndexToNameMap indexToNameMap;
+        };
+        
+        OwnPtr<ArgumentsData> d;
     };
 

trunk/JavaScriptCore/kjs/ArrayConstructor.cpp

@@ -32 +32 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(ArrayConstructor);
+
 ArrayConstructor::ArrayConstructor(ExecState* exec, FunctionPrototype* functionPrototype, ArrayPrototype* arrayPrototype)
-    : InternalFunction(functionPrototype, Identifier(exec, arrayPrototype->classInfo()->className))
+    : InternalFunction(exec, functionPrototype, Identifier(exec, arrayPrototype->classInfo()->className))
 {
     // ECMA 15.4.3.1 Array.prototype

trunk/JavaScriptCore/kjs/ArrayPrototype.cpp

@@ -34 +34 @@
 
 namespace KJS {
+
+ASSERT_CLASS_FITS_IN_CELL(ArrayPrototype);
 
 static JSValue* arrayProtoFuncToString(ExecState*, JSObject*, JSValue*, const ArgList&);
@@ -263 +265 @@
         if (curArg->isObject(&JSArray::info)) {
             JSArray* curArray = static_cast<JSArray*>(curArg);
-            unsigned length = curArray->getLength();
+            unsigned length = curArray->length();
             for (unsigned k = 0; k < length; ++k) {
                 if (JSValue* v = getProperty(exec, curArray, k))

trunk/JavaScriptCore/kjs/BooleanConstructor.cpp

@@ -27 +27 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(BooleanConstructor);
+
 BooleanConstructor::BooleanConstructor(ExecState* exec, FunctionPrototype* functionPrototype, BooleanPrototype* booleanPrototype)
-    : InternalFunction(functionPrototype, Identifier(exec, booleanPrototype->classInfo()->className))
+    : InternalFunction(exec, functionPrototype, Identifier(exec, booleanPrototype->classInfo()->className))
 {
     putDirect(exec->propertyNames().prototype, booleanPrototype, DontEnum | DontDelete | ReadOnly);

trunk/JavaScriptCore/kjs/BooleanObject.cpp

@@ -24 +24 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(BooleanObject);
+
 const ClassInfo BooleanObject::info = { "Boolean", 0, 0, 0 };
 

trunk/JavaScriptCore/kjs/BooleanPrototype.cpp

@@ -30 +30 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(BooleanPrototype);
+
 // Functions
 static JSValue* booleanProtoFuncToString(ExecState*, JSObject*, JSValue*, const ArgList&);
@@ -41 +43 @@
     setInternalValue(jsBoolean(false));
 
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, booleanProtoFuncToString), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, booleanProtoFuncValueOf), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, booleanProtoFuncToString), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, booleanProtoFuncValueOf), DontEnum);
 }
 

trunk/JavaScriptCore/kjs/DateConstructor.cpp

@@ -46 +46 @@
 // TODO: MakeTime (15.9.11.1) etc. ?
 
+ASSERT_CLASS_FITS_IN_CELL(DateConstructor);
+
 static JSValue* dateParse(ExecState*, JSObject*, JSValue*, const ArgList&);
 static JSValue* dateNow(ExecState*, JSObject*, JSValue*, const ArgList&);
@@ -51 +53 @@
 
 DateConstructor::DateConstructor(ExecState* exec, FunctionPrototype* functionPrototype, DatePrototype* datePrototype)
-    : InternalFunction(functionPrototype, Identifier(exec, datePrototype->classInfo()->className))
+    : InternalFunction(exec, functionPrototype, Identifier(exec, datePrototype->classInfo()->className))
 {
       putDirect(exec->propertyNames().prototype, datePrototype, DontEnum|DontDelete|ReadOnly);
 
-      putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().parse, dateParse), DontEnum);
-      putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 7, exec->propertyNames().UTC, dateUTC), DontEnum);
-      putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().now, dateNow), DontEnum);
+      putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().parse, dateParse), DontEnum);
+      putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 7, exec->propertyNames().UTC, dateUTC), DontEnum);
+      putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().now, dateNow), DontEnum);
 
       putDirect(exec, exec->propertyNames().length, 7, ReadOnly | DontEnum | DontDelete);

trunk/JavaScriptCore/kjs/DatePrototype.cpp

@@ -56 +56 @@
 
 namespace KJS {
+
+ASSERT_CLASS_FITS_IN_CELL(DatePrototype);
 
 static JSValue* dateProtoFuncGetDate(ExecState*, JSObject*, JSValue*, const ArgList&);

trunk/JavaScriptCore/kjs/DebuggerCallFrame.cpp

@@ -50 +50 @@
     if (!function)
         return 0;
-    return &function->functionName().ustring();
+    return &function->name(m_exec);
 }
 

trunk/JavaScriptCore/kjs/DebuggerCallFrame.h

@@ -33 +33 @@
     
     class CodeBlock;
+    class ExecState;
     class JSGlobalObject;
     class JSObject;
@@ -48 +49 @@
         };
 
-        DebuggerCallFrame(JSGlobalObject* dynamicGlobalObject, const CodeBlock* codeBlock, ScopeChainNode* scopeChain, Register* r, JSValue* exception)
-            : m_dynamicGlobalObject(dynamicGlobalObject)
+        DebuggerCallFrame(ExecState* exec, JSGlobalObject* dynamicGlobalObject, const CodeBlock* codeBlock, ScopeChainNode* scopeChain, Register* r, JSValue* exception)
+            : m_exec(exec)
+            , m_dynamicGlobalObject(dynamicGlobalObject)
             , m_codeBlock(codeBlock)
             , m_scopeChain(scopeChain)
@@ -68 +70 @@
         Register* callFrame() const;
 
+        ExecState* m_exec;
         JSGlobalObject* m_dynamicGlobalObject;
         const CodeBlock* m_codeBlock;

trunk/JavaScriptCore/kjs/ErrorConstructor.cpp

@@ -30 +30 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(ErrorConstructor);
+
 ErrorConstructor::ErrorConstructor(ExecState* exec, FunctionPrototype* functionPrototype, ErrorPrototype* errorPrototype)
-    : InternalFunction(functionPrototype, Identifier(exec, errorPrototype->classInfo()->className))
+    : InternalFunction(exec, functionPrototype, Identifier(exec, errorPrototype->classInfo()->className))
 {
     // ECMA 15.11.3.1 Error.prototype

trunk/JavaScriptCore/kjs/ErrorPrototype.cpp

@@ -30 +30 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(ErrorPrototype);
+
 static JSValue* errorProtoFuncToString(ExecState*, JSObject*, JSValue*, const ArgList&);
 
@@ -41 +43 @@
     putDirect(exec->propertyNames().message, jsString(exec, "Unknown error"), DontEnum);
 
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, errorProtoFuncToString), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, errorProtoFuncToString), DontEnum);
 }
 

trunk/JavaScriptCore/kjs/FunctionConstructor.cpp

@@ -33 +33 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(FunctionConstructor);
+
 FunctionConstructor::FunctionConstructor(ExecState* exec, FunctionPrototype* functionPrototype)
-    : InternalFunction(functionPrototype, Identifier(exec, functionPrototype->classInfo()->className))
+    : InternalFunction(exec, functionPrototype, Identifier(exec, functionPrototype->classInfo()->className))
 {
     putDirect(exec->propertyNames().prototype, functionPrototype, DontEnum | DontDelete | ReadOnly);

trunk/JavaScriptCore/kjs/FunctionPrototype.cpp

@@ -30 +30 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(FunctionPrototype);
+
 static JSValue* functionProtoFuncToString(ExecState*, JSObject*, JSValue*, const ArgList&);
 static JSValue* functionProtoFuncApply(ExecState*, JSObject*, JSValue*, const ArgList&);
@@ -35 +37 @@
 
 FunctionPrototype::FunctionPrototype(ExecState* exec)
+    : InternalFunction(exec)
 {
     putDirect(exec->propertyNames().length, jsNumber(exec, 0), DontDelete | ReadOnly | DontEnum);
 
-    putDirectFunction(new (exec) PrototypeFunction(exec, this, 0, exec->propertyNames().toString, functionProtoFuncToString), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, this, 2, exec->propertyNames().apply, functionProtoFuncApply), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, this, 1, exec->propertyNames().call, functionProtoFuncCall), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, this, 0, exec->propertyNames().toString, functionProtoFuncToString), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, this, 2, exec->propertyNames().apply, functionProtoFuncApply), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, this, 1, exec->propertyNames().call, functionProtoFuncCall), DontEnum);
 }
 
@@ -59 +62 @@
 JSValue* functionProtoFuncToString(ExecState* exec, JSObject*, JSValue* thisValue, const ArgList&)
 {
-    if (!thisValue->isObject(&InternalFunction::info))
-        return throwError(exec, TypeError);
-
-    InternalFunction* function = static_cast<InternalFunction*>(thisValue);
-
-    if (function->inherits(&JSFunction::info)) {
-        JSFunction* fi = static_cast<JSFunction*>(thisValue);
-        return jsString(exec, "function " + fi->functionName().ustring() + "(" + fi->m_body->paramString() + ") " + fi->m_body->toSourceString());
+    if (thisValue->isObject(&JSFunction::info)) {
+        JSFunction* function = static_cast<JSFunction*>(thisValue);
+        return jsString(exec, "function " + function->name(exec) + "(" + function->m_body->paramString() + ") " + function->m_body->toSourceString());
     }
 
-    return jsString(exec, "function " + function->functionName().ustring() + "() {\n    [native code]\n}");
+    if (thisValue->isObject(&InternalFunction::info)) {
+        InternalFunction* function = static_cast<InternalFunction*>(thisValue);
+        return jsString(exec, "function " + function->name(exec) + "() {\n    [native code]\n}");
+    }
+
+    return throwError(exec, TypeError);
 }
 

trunk/JavaScriptCore/kjs/GlobalEvalFunction.cpp

@@ -32 +32 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(GlobalEvalFunction);
+
 GlobalEvalFunction::GlobalEvalFunction(ExecState* exec, FunctionPrototype* functionPrototype, int len, const Identifier& name, NativeFunction function, JSGlobalObject* cachedGlobalObject)
     : PrototypeFunction(exec, functionPrototype, len, name, function)

trunk/JavaScriptCore/kjs/InternalFunction.cpp

@@ -29 +29 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(InternalFunction);
+
 const ClassInfo InternalFunction::info = { "Function", 0, 0, 0 };
 
-InternalFunction::InternalFunction()
+InternalFunction::InternalFunction(ExecState* exec)
 {
+    putDirect(exec->propertyNames().name, jsString(exec, exec->propertyNames().nullIdentifier.ustring()), DontDelete | ReadOnly | DontEnum);
 }
 
-InternalFunction::InternalFunction(FunctionPrototype* prototype, const Identifier& name)
+InternalFunction::InternalFunction(ExecState* exec, FunctionPrototype* prototype, const Identifier& name)
     : JSObject(prototype)
-    , m_name(name)
 {
+    putDirect(exec->propertyNames().name, jsString(exec, name.ustring()), DontDelete | ReadOnly | DontEnum);
+}
+
+const UString& InternalFunction::name(ExecState* exec)
+{
+    JSValue* v = getDirect(exec->propertyNames().name);
+    ASSERT(v->isString());
+    return static_cast<JSString*>(v)->value();
 }
 
@@ -46 +56 @@
 }
 
-bool InternalFunction::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
-{
-    if (propertyName == exec->propertyNames().name) {
-        slot.setCustom(this, nameGetter);
-        return true;
-    }
-
-    return JSObject::getOwnPropertySlot(exec, propertyName, slot);
-}
-
-void InternalFunction::put(ExecState* exec, const Identifier& propertyName, JSValue* value)
-{
-    if (propertyName == exec->propertyNames().name)
-        return;
-    JSObject::put(exec, propertyName, value);
-}
-
-bool InternalFunction::deleteProperty(ExecState* exec, const Identifier& propertyName)
-{
-    if (propertyName == exec->propertyNames().name)
-        return false;
-    return JSObject::deleteProperty(exec, propertyName);
-}
-
-JSValue* InternalFunction::nameGetter(ExecState* exec, const Identifier&, const PropertySlot& slot)
-{
-    InternalFunction* thisObj = static_cast<InternalFunction*>(slot.slotBase());
-    return jsString(exec, thisObj->functionName().ustring());
-}
-
 } // namespace KJS

trunk/JavaScriptCore/kjs/InternalFunction.h

@@ -36 +36 @@
         virtual const ClassInfo* classInfo() const { return &info; }
         static const ClassInfo info;
-
-        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
-        virtual void put(ExecState*, const Identifier& propertyName, JSValue*);
-        virtual bool deleteProperty(ExecState*, const Identifier& propertyName);
-
-        const Identifier& functionName() const { return m_name; }
+        
+        const UString& name(ExecState*);
 
     protected:
-        InternalFunction();
-        InternalFunction(FunctionPrototype*, const Identifier&);
+        InternalFunction(ExecState*);
+        InternalFunction(ExecState*, FunctionPrototype*, const Identifier&);
 
     private:
-        static JSValue* nameGetter(ExecState*, const Identifier&, const PropertySlot&);
         virtual CallType getCallData(CallData&) = 0;
         virtual bool implementsHasInstance() const;
-
-        Identifier m_name;
     };
 

trunk/JavaScriptCore/kjs/JSActivation.cpp

@@ -37 +37 @@
 
 namespace KJS {
+
+ASSERT_CLASS_FITS_IN_CELL(JSActivation);
 
 const ClassInfo JSActivation::info = { "JSActivation", 0, 0, 0 };

trunk/JavaScriptCore/kjs/JSArray.cpp

@@ -35 +35 @@
 
 namespace KJS {
+
+ASSERT_CLASS_FITS_IN_CELL(JSArray);
 
 // Overview of JSArray
@@ -129 +131 @@
     unsigned initialCapacity = min(initialLength, MIN_SPARSE_ARRAY_INDEX);
 
-    m_length = initialLength;
+    m_storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
     m_fastAccessCutoff = 0;
-    m_storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
     m_storage->m_vectorLength = initialCapacity;
+    m_storage->m_length = initialLength;
 
     Heap::heap(this)->reportExtraMemoryCost(initialCapacity * sizeof(JSValue*));
@@ -144 +146 @@
     unsigned length = list.size();
 
-    m_length = length;
     m_fastAccessCutoff = length;
 
@@ -152 +153 @@
     storage->m_numValuesInVector = length;
     storage->m_sparseValueMap = 0;
+    storage->m_length = length;
 
     size_t i = 0;
@@ -178 +180 @@
     ArrayStorage* storage = m_storage;
 
-    if (i >= m_length) {
+    if (i >= storage->m_length) {
         if (i > MAX_ARRAY_INDEX)
             return getOwnPropertySlot(exec, Identifier::from(exec, i), slot);
@@ -206 +208 @@
 {
     if (propertyName == exec->propertyNames().length) {
-        slot.setValue(jsNumber(exec, getLength()));
+        slot.setValue(jsNumber(exec, length()));
         return true;
     }
@@ -245 +247 @@
     checkConsistency();
 
-    unsigned length = m_length;
+    unsigned length = m_storage->m_length;
     if (i >= length && i <= MAX_ARRAY_INDEX) {
         length = i + 1;
-        m_length = length;
+        m_storage->m_length = length;
     }
 
@@ -259 +261 @@
         }
         valueSlot = value;
-        if (++m_storage->m_numValuesInVector == m_length)
-            m_fastAccessCutoff = m_length;
+        if (++m_storage->m_numValuesInVector == m_storage->m_length)
+            m_fastAccessCutoff = m_storage->m_length;
         checkConsistency();
         return;
@@ -414 +416 @@
     ArrayStorage* storage = m_storage;
 
-    unsigned usedVectorLength = min(m_length, storage->m_vectorLength);
+    unsigned usedVectorLength = min(storage->m_length, storage->m_vectorLength);
     for (unsigned i = 0; i < usedVectorLength; ++i) {
         if (storage->m_vector[i])
@@ -460 +462 @@
     ArrayStorage* storage = m_storage;
 
-    unsigned length = m_length;
+    unsigned length = m_storage->m_length;
 
     if (newLength < length) {
@@ -488 +490 @@
     }
 
-    m_length = newLength;
+    m_storage->m_length = newLength;
 
     checkConsistency();
@@ -499 +501 @@
     ArrayStorage* storage = m_storage;
 
-    unsigned usedVectorLength = min(m_length, storage->m_vectorLength);
+    unsigned usedVectorLength = min(storage->m_length, storage->m_vectorLength);
     for (unsigned i = 0; i < usedVectorLength; ++i) {
         JSValue* value = storage->m_vector[i];
@@ -662 +664 @@
     // The maximum tree depth is compiled in - but the caller is clearly up to no good
     // if a larger array is passed.
-    ASSERT(m_length <= static_cast<unsigned>(std::numeric_limits<int>::max()));
-    if (m_length > static_cast<unsigned>(std::numeric_limits<int>::max()))
-        return;
-
-    if (!m_length)
-        return;
-
-    unsigned usedVectorLength = min(m_length, m_storage->m_vectorLength);
+    ASSERT(m_storage->m_length <= static_cast<unsigned>(std::numeric_limits<int>::max()));
+    if (m_storage->m_length > static_cast<unsigned>(std::numeric_limits<int>::max()))
+        return;
+
+    if (!m_storage->m_length)
+        return;
+
+    unsigned usedVectorLength = min(m_storage->m_length, m_storage->m_vectorLength);
 
     AVLTree<AVLTreeAbstractorForArrayCompare, 44> tree; // Depth 44 is enough for 2^31 items
@@ -766 +768 @@
     ArrayStorage* storage = m_storage;
 
-    unsigned usedVectorLength = min(m_length, storage->m_vectorLength);
+    unsigned usedVectorLength = min(m_storage->m_length, storage->m_vectorLength);
 
     unsigned numDefined = 0;
@@ -836 +838 @@
         ASSERT(!m_storage->m_sparseValueMap);
 
-    ASSERT(m_fastAccessCutoff <= m_length);
+    ASSERT(m_fastAccessCutoff <= m_storage->m_length);
     ASSERT(m_fastAccessCutoff <= m_storage->m_numValuesInVector);
 
@@ -842 +844 @@
     for (unsigned i = 0; i < m_storage->m_vectorLength; ++i) {
         if (JSValue* value = m_storage->m_vector[i]) {
-            ASSERT(i < m_length);
+            ASSERT(i < m_storage->m_length);
             if (type != DestructorConsistencyCheck)
                 value->type(); // Likely to crash if the object was deallocated.
@@ -858 +860 @@
         for (SparseArrayValueMap::iterator it = m_storage->m_sparseValueMap->begin(); it != end; ++it) {
             unsigned index = it->first;
-            ASSERT(index < m_length);
+            ASSERT(index < m_storage->m_length);
             ASSERT(index >= m_storage->m_vectorLength);
             ASSERT(index <= MAX_ARRAY_INDEX);

trunk/JavaScriptCore/kjs/JSArray.h

@@ -30 +30 @@
 
     struct ArrayStorage {
+        unsigned m_length;
         unsigned m_vectorLength;
         unsigned m_numValuesInVector;
@@ -49 +50 @@
         static const ClassInfo info;
 
-        unsigned getLength() const { return m_length; }
+        unsigned length() const { return m_storage->m_length; }
         void setLength(unsigned); // OK to use on new arrays, but not if it might be a RegExpMatchArray.
 
@@ -92 +93 @@
         void checkConsistency(ConsistencyCheckType = NormalConsistencyCheck);
 
-        unsigned m_length;
         unsigned m_fastAccessCutoff;
         ArrayStorage* m_storage;

trunk/JavaScriptCore/kjs/JSCell.h

@@ -97 +97 @@
         virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
         virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+        
+        intptr_t reserved; // Reserved for work in progress.
     };
 

trunk/JavaScriptCore/kjs/JSFunction.cpp

@@ -26 +26 @@
 #include "JSFunction.h"
 
+#include "CommonIdentifiers.h"
 #include "ExecState.h"
 #include "FunctionPrototype.h"
@@ -40 +41 @@
 namespace KJS {
 
-const ClassInfo JSFunction::info = { "Function", &InternalFunction::info, 0, 0 };
+ASSERT_CLASS_FITS_IN_CELL(JSFunction);
+
+const ClassInfo JSFunction::info = { "Function", 0, 0, 0 };
 
 JSFunction::JSFunction(ExecState* exec, const Identifier& name, FunctionBodyNode* body, ScopeChainNode* scopeChainNode)
-    : InternalFunction(exec->lexicalGlobalObject()->functionPrototype(), name)
+    : Base(exec, exec->lexicalGlobalObject()->functionPrototype(), name)
     , m_body(body)
     , m_scopeChain(scopeChainNode)
@@ -51 +54 @@
 void JSFunction::mark()
 {
-    InternalFunction::mark();
+    Base::mark();
     m_body->mark();
     m_scopeChain.mark();
@@ -103 +106 @@
     }
 
-    return InternalFunction::getOwnPropertySlot(exec, propertyName, slot);
+    return Base::getOwnPropertySlot(exec, propertyName, slot);
 }
 
@@ -110 +113 @@
     if (propertyName == exec->propertyNames().arguments || propertyName == exec->propertyNames().length)
         return;
-    InternalFunction::put(exec, propertyName, value);
+    Base::put(exec, propertyName, value);
 }
 
@@ -117 +120 @@
     if (propertyName == exec->propertyNames().arguments || propertyName == exec->propertyNames().length)
         return false;
-    return InternalFunction::deleteProperty(exec, propertyName);
+    return Base::deleteProperty(exec, propertyName);
 }
 

trunk/JavaScriptCore/kjs/JSFunction.h

@@ -39 +39 @@
 
     class JSFunction : public InternalFunction {
+        typedef InternalFunction Base;
     public:
         JSFunction(ExecState*, const Identifier&, FunctionBodyNode*, ScopeChainNode*);

trunk/JavaScriptCore/kjs/JSGlobalObject.cpp

@@ -63 +63 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(JSGlobalObject);
+
 // Default number of ticks before a timeout check should be done.
 static const int initialTickCountThreshold = 255;
@@ -312 +314 @@
 
     d()->evalFunction = new (exec) GlobalEvalFunction(exec, d()->functionPrototype, 1, exec->propertyNames().eval, globalFuncEval, this);
-    putDirectFunction(d()->evalFunction, DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 2, Identifier(exec, "parseInt"), globalFuncParseInt), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "parseFloat"), globalFuncParseFloat), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "isNaN"), globalFuncIsNaN), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "isFinite"), globalFuncIsFinite), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "escape"), globalFuncEscape), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "unescape"), globalFuncUnescape), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "decodeURI"), globalFuncDecodeURI), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "decodeURIComponent"), globalFuncDecodeURIComponent), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "encodeURI"), globalFuncEncodeURI), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "encodeURIComponent"), globalFuncEncodeURIComponent), DontEnum);
+    putDirectFunction(exec, d()->evalFunction, DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 2, Identifier(exec, "parseInt"), globalFuncParseInt), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "parseFloat"), globalFuncParseFloat), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "isNaN"), globalFuncIsNaN), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "isFinite"), globalFuncIsFinite), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "escape"), globalFuncEscape), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "unescape"), globalFuncUnescape), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "decodeURI"), globalFuncDecodeURI), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "decodeURIComponent"), globalFuncDecodeURIComponent), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "encodeURI"), globalFuncEncodeURI), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "encodeURIComponent"), globalFuncEncodeURIComponent), DontEnum);
 #ifndef NDEBUG
-    putDirectFunction(new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "kjsprint"), globalFuncKJSPrint), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, d()->functionPrototype, 1, Identifier(exec, "kjsprint"), globalFuncKJSPrint), DontEnum);
 #endif
 

trunk/JavaScriptCore/kjs/JSGlobalObject.h

@@ -78 +78 @@
             {
             }
+            
+            virtual ~JSGlobalObjectData()
+            {
+            }
 
             JSGlobalObject* next;
@@ -134 +138 @@
 
     protected:
-        JSGlobalObject(JSValue* prototype, JSObject* globalThisValue)
-            : JSVariableObject(prototype, new JSGlobalObjectData(this, globalThisValue))
+        JSGlobalObject(JSValue* prototype, JSGlobalObjectData* d, JSObject* globalThisValue)
+            : JSVariableObject(prototype, d)
         {
             init(globalThisValue);

trunk/JavaScriptCore/kjs/JSNotAnObject.cpp

@@ -34 +34 @@
 
 namespace KJS {
+
+ASSERT_CLASS_FITS_IN_CELL(JSNotAnObject);
 
 // JSValue methods

trunk/JavaScriptCore/kjs/JSObject.cpp

@@ -43 +43 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(JSObject);
+
 void JSObject::mark()
 {
@@ -461 +463 @@
 }
 
-void JSObject::putDirectFunction(InternalFunction* function, unsigned attr)
-{
-    putDirect(function->functionName(), function, attr);
+void JSObject::putDirectFunction(ExecState* exec, InternalFunction* function, unsigned attr)
+{
+    putDirect(Identifier(exec, function->name(exec)), function, attr);
 }
 

trunk/JavaScriptCore/kjs/JSObject.h

@@ -70 +70 @@
         virtual JSType type() const;
 
-        /**
-         * A pointer to a ClassInfo struct for this class. This provides a basic
-         * facility for run-time type information, and can be used to check an
-         * object's class an inheritance (see inherits()). This should
-         * always return a statically declared pointer, or 0 to indicate that
-         * there is no class information.
-         *
-         * This is primarily useful if you have application-defined classes that you
-         * wish to check against for casting purposes.
-         *
-         * For example, to specify the class info for classes FooImp and BarImp,
-         * where FooImp inherits from BarImp, you would add the following in your
-         * class declarations:
-         *
-         * \code
-         *   class BarImp : public JSObject {
-         *     virtual const ClassInfo *classInfo() const { return &info; }
-         *     static const ClassInfo info;
-         *     // ...
-         *   };
-         *
-         *   class FooImp : public JSObject {
-         *     virtual const ClassInfo *classInfo() const { return &info; }
-         *     static const ClassInfo info;
-         *     // ...
-         *   };
-         * \endcode
-         *
-         * And in your source file:
-         *
-         * \code
-         *   const ClassInfo BarImp::info = { "Bar", 0, 0, 0 }; // no parent class
-         *   const ClassInfo FooImp::info = { "Foo", &BarImp::info, 0, 0 };
-         * \endcode
-         *
-         * @see inherits()
-         */
-
-        /**
-         * Checks whether this object inherits from the class with the specified
-         * classInfo() pointer. This requires that both this class and the other
-         * class return a non-NULL pointer for their classInfo() methods (otherwise
-         * it will return false).
-         *
-         * For example, for two JSObject pointers obj1 and obj2, you can check
-         * if obj1's class inherits from obj2's class using the following:
-         *
-         *   if (obj1->inherits(obj2->classInfo())) {
-         *     // ...
-         *   }
-         *
-         * If you have a handle to a statically declared ClassInfo, such as in the
-         * classInfo() example, you can check for inheritance without needing
-         * an instance of the other class:
-         *
-         *   if (obj1->inherits(FooImp::info)) {
-         *     // ...
-         *   }
-         *
-         * @param cinfo The ClassInfo pointer for the class you want to check
-         * inheritance against.
-         * @return true if this object's class inherits from class with the
-         * ClassInfo pointer specified in cinfo
-         */
         bool inherits(const ClassInfo* classInfo) const { return isObject(classInfo); } // FIXME: Merge with isObject.
 
-        // internal properties (ECMA 262-3 8.6.2)
-
-        /**
-         * Returns the prototype of this object. Note that this is not the same as
-         * the "prototype" property.
-         *
-         * See ECMA 8.6.2
-         *
-         * @return The object's prototype
-         */
         JSValue* prototype() const;
         void setPrototype(JSValue* prototype);
 
-        /**
-         * Returns the class name of the object
-         *
-         * See ECMA 8.6.2
-         *
-         * @return The object's class name
-         */
-        /**
-         * Implementation of the [[Class]] internal property (implemented by all
-         * Objects)
-         *
-         * The default implementation uses classInfo().
-         * You should either implement classInfo(), or
-         * if you simply need a classname, you can reimplement className()
-         * instead.
-         */
         virtual UString className() const;
 
-        /**
-         * Retrieves the specified property from the object. If neither the object
-         * or any other object in its prototype chain have the property, this
-         * function will return Undefined.
-         *
-         * See ECMA 8.6.2.1
-         *
-         * @param exec The current execution state
-         * @param propertyName The name of the property to retrieve
-         *
-         * @return The specified property, or Undefined
-         */
         JSValue* get(ExecState*, const Identifier& propertyName) const;
         JSValue* get(ExecState*, unsigned propertyName) const;
@@ -188 +86 @@
         virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
 
-        /**
-         * Sets the specified property.
-         *
-         * See ECMA 8.6.2.2
-         *
-         * @param exec The current execution state
-         * @param propertyName The name of the property to set
-         * @param propertyValue The value to set
-         */
         virtual void put(ExecState*, const Identifier& propertyName, JSValue* value);
         virtual void put(ExecState*, unsigned propertyName, JSValue* value);
@@ -203 +92 @@
         virtual void putWithAttributes(ExecState*, unsigned propertyName, JSValue* value, unsigned attributes);
 
-        /**
-         * Checks if a property is enumerable, that is if it doesn't have the DontEnum
-         * flag set
-         *
-         * See ECMA 15.2.4
-         * @param exec The current execution state
-         * @param propertyName The name of the property
-         * @return true if the property is enumerable, otherwise false
-         */
         bool propertyIsEnumerable(ExecState*, const Identifier& propertyName) const;
 
-        /**
-         * Checks to see whether the object (or any object in its prototype chain)
-         * has a property with the specified name.
-         *
-         * See ECMA 8.6.2.4
-         *
-         * @param exec The current execution state
-         * @param propertyName The name of the property to check for
-         * @return true if the object has the property, otherwise false
-         */
         bool hasProperty(ExecState*, const Identifier& propertyName) const;
         bool hasProperty(ExecState*, unsigned propertyName) const;
         bool hasOwnProperty(ExecState*, const Identifier& propertyName) const;
 
-        /**
-         * Removes the specified property from the object.
-         *
-         * See ECMA 8.6.2.5
-         *
-         * @param exec The current execution state
-         * @param propertyName The name of the property to delete
-         * @return true if the property was successfully deleted or did not
-         * exist on the object. false if deleting the specified property is not
-         * allowed.
-         */
         virtual bool deleteProperty(ExecState*, const Identifier& propertyName);
         virtual bool deleteProperty(ExecState*, unsigned propertyName);
 
-        /**
-         * Converts the object into a primitive value. The value return may differ
-         * depending on the supplied hint
-         *
-         * See ECMA 8.6.2.6
-         *
-         * @param exec The current execution state
-         * @param hint The desired primitive type to convert to
-         * @return A primitive value converted from the objetc. Note that the
-         * type of primitive value returned may not be the same as the requested
-         * hint.
-         */
-        /**
-         * Implementation of the [[DefaultValue]] internal property (implemented by
-         * all Objects)
-         */
         virtual JSValue* defaultValue(ExecState*, JSType hint) const;
 
-        /**
-         * Whether or not the object implements the hasInstance() method. If this
-         * returns false you should not call the hasInstance() method on this
-         * object (typically, an assertion will fail to indicate this).
-         *
-         * @return true if this object implements the hasInstance() method,
-         * otherwise false
-         */
         virtual bool implementsHasInstance() const;
-
-        /**
-         * Checks whether value delegates behavior to this object. Used by the
-         * instanceof operator.
-         *
-         * @param exec The current execution state
-         * @param value The value to check
-         * @return true if value delegates behavior to this object, otherwise
-         * false
-         */
         virtual bool hasInstance(ExecState*, JSValue*);
 
@@ -299 +124 @@
 
         // This get function only looks at the property map.
-        // This is used e.g. by lookupOrCreateFunction (to cache a function, we don't want
-        // to look up in the prototype, it might already exist there)
         JSValue* getDirect(const Identifier& propertyName) const { return m_propertyMap.get(propertyName); }
         JSValue** getDirectLocation(const Identifier& propertyName) { return m_propertyMap.getLocation(propertyName); }
@@ -310 +133 @@
 
         // convenience to add a function property under the function's own built-in name
-        void putDirectFunction(InternalFunction*, unsigned attr = 0);
+        void putDirectFunction(ExecState*, InternalFunction*, unsigned attr = 0);
 
         void fillGetterPropertySlot(PropertySlot&, JSValue** location);

trunk/JavaScriptCore/kjs/JSStaticScopeObject.cpp

@@ -29 +29 @@
 
 namespace KJS {
+
+ASSERT_CLASS_FITS_IN_CELL(JSStaticScopeObject);
 
 JSObject* JSStaticScopeObject::toThisObject(ExecState* exec) const

trunk/JavaScriptCore/kjs/JSWrapperObject.cpp

@@ -26 +26 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(JSWrapperObject);
+
 void JSWrapperObject::mark() 
 {

trunk/JavaScriptCore/kjs/MathObject.cpp

@@ -29 +29 @@
 
 namespace KJS {
+
+ASSERT_CLASS_FITS_IN_CELL(MathObject);
 
 static JSValue* mathProtoFuncAbs(ExecState*, JSObject*, JSValue*, const ArgList&);

trunk/JavaScriptCore/kjs/NativeErrorConstructor.cpp

@@ -29 +29 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(NativeErrorConstructor);
+
 const ClassInfo NativeErrorConstructor::info = { "Function", &InternalFunction::info, 0, 0 };
 
 NativeErrorConstructor::NativeErrorConstructor(ExecState* exec, FunctionPrototype* functionPrototype, NativeErrorPrototype* nativeErrorPrototype)
-    : InternalFunction(functionPrototype, Identifier(exec, nativeErrorPrototype->getDirect(exec->propertyNames().name)->getString()))
+    : InternalFunction(exec, functionPrototype, Identifier(exec, nativeErrorPrototype->getDirect(exec->propertyNames().name)->getString()))
     , m_proto(nativeErrorPrototype)
 {

trunk/JavaScriptCore/kjs/NativeErrorPrototype.cpp

@@ -28 +28 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(NativeErrorPrototype);
+
 NativeErrorPrototype::NativeErrorPrototype(ExecState* exec, ErrorPrototype* errorPrototype, const UString& name, const UString& message)
     : JSObject(errorPrototype)

trunk/JavaScriptCore/kjs/NumberConstructor.cpp

@@ -29 +29 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(NativeErrorConstructor);
+
 const ClassInfo NumberConstructor::info = { "Function", &InternalFunction::info, 0, ExecState::numberTable };
 
@@ -41 +43 @@
 */
 NumberConstructor::NumberConstructor(ExecState* exec, FunctionPrototype* functionPrototype, NumberPrototype* numberPrototype)
-    : InternalFunction(functionPrototype, Identifier(exec, numberPrototype->info.className))
+    : InternalFunction(exec, functionPrototype, Identifier(exec, numberPrototype->info.className))
 {
     // Number.Prototype

trunk/JavaScriptCore/kjs/NumberObject.cpp

@@ -28 +28 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(NumberObject);
+
 const ClassInfo NumberObject::info = { "Number", 0, 0, 0 };
 

trunk/JavaScriptCore/kjs/NumberPrototype.cpp

@@ -36 +36 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(NumberPrototype);
+
 static JSValue* numberProtoFuncToString(ExecState*, JSObject*, JSValue*, const ArgList&);
 static JSValue* numberProtoFuncToLocaleString(ExecState*, JSObject*, JSValue*, const ArgList&);
@@ -52 +54 @@
     // The constructor will be added later, after NumberConstructor has been constructed
 
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toString, numberProtoFuncToString), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toLocaleString, numberProtoFuncToLocaleString), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, numberProtoFuncValueOf), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toFixed, numberProtoFuncToFixed), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toExponential, numberProtoFuncToExponential), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toPrecision, numberProtoFuncToPrecision), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toString, numberProtoFuncToString), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toLocaleString, numberProtoFuncToLocaleString), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, numberProtoFuncValueOf), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toFixed, numberProtoFuncToFixed), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toExponential, numberProtoFuncToExponential), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().toPrecision, numberProtoFuncToPrecision), DontEnum);
 }
 

trunk/JavaScriptCore/kjs/ObjectConstructor.cpp

@@ -28 +28 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(ObjectConstructor);
+
 ObjectConstructor::ObjectConstructor(ExecState* exec, ObjectPrototype* objectPrototype, FunctionPrototype* functionPrototype)
-    : InternalFunction(functionPrototype, Identifier(exec, "Object"))
+    : InternalFunction(exec, functionPrototype, Identifier(exec, "Object"))
 {
     // ECMA 15.2.3.1

trunk/JavaScriptCore/kjs/ObjectPrototype.cpp

@@ -29 +29 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(ObjectPrototype);
+
 static JSValue* objectProtoFuncValueOf(ExecState*, JSObject*, JSValue*, const ArgList&);
 static JSValue* objectProtoFuncHasOwnProperty(ExecState*, JSObject*, JSValue*, const ArgList&);
@@ -42 +44 @@
     : JSObject() // [[Prototype]] is null
 {
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, objectProtoFuncToString), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toLocaleString, objectProtoFuncToLocaleString), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, objectProtoFuncValueOf), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().hasOwnProperty, objectProtoFuncHasOwnProperty), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().propertyIsEnumerable, objectProtoFuncPropertyIsEnumerable), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().isPrototypeOf, objectProtoFuncIsPrototypeOf), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, objectProtoFuncToString), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toLocaleString, objectProtoFuncToLocaleString), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().valueOf, objectProtoFuncValueOf), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().hasOwnProperty, objectProtoFuncHasOwnProperty), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().propertyIsEnumerable, objectProtoFuncPropertyIsEnumerable), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().isPrototypeOf, objectProtoFuncIsPrototypeOf), DontEnum);
 
     // Mozilla extensions
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 2, exec->propertyNames().__defineGetter__, objectProtoFuncDefineGetter), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 2, exec->propertyNames().__defineSetter__, objectProtoFuncDefineSetter), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().__lookupGetter__, objectProtoFuncLookupGetter), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().__lookupSetter__, objectProtoFuncLookupSetter), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 2, exec->propertyNames().__defineGetter__, objectProtoFuncDefineGetter), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 2, exec->propertyNames().__defineSetter__, objectProtoFuncDefineSetter), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().__lookupGetter__, objectProtoFuncLookupGetter), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().__lookupSetter__, objectProtoFuncLookupSetter), DontEnum);
 }
 

trunk/JavaScriptCore/kjs/PrototypeFunction.cpp

@@ -32 +32 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(PrototypeFunction);
+
 PrototypeFunction::PrototypeFunction(ExecState* exec, int length, const Identifier& name, NativeFunction function)
-    : InternalFunction(exec->lexicalGlobalObject()->functionPrototype(), name)
+    : InternalFunction(exec, exec->lexicalGlobalObject()->functionPrototype(), name)
     , m_function(function)
 {
@@ -41 +43 @@
 
 PrototypeFunction::PrototypeFunction(ExecState* exec, FunctionPrototype* functionPrototype, int length, const Identifier& name, NativeFunction function)
-    : InternalFunction(functionPrototype, name)
+    : InternalFunction(exec, functionPrototype, name)
     , m_function(function)
 {

trunk/JavaScriptCore/kjs/RegExpConstructor.cpp

@@ -33 +33 @@
 
 namespace KJS {
+
+ASSERT_CLASS_FITS_IN_CELL(RegExpConstructor);
 
 const ClassInfo RegExpConstructor::info = { "Function", &InternalFunction::info, 0, ExecState::regExpConstructorTable };
@@ -77 +79 @@
 
 RegExpConstructor::RegExpConstructor(ExecState* exec, FunctionPrototype* functionPrototype, RegExpPrototype* regExpPrototype)
-    : InternalFunction(functionPrototype, Identifier(exec, "RegExp"))
+    : InternalFunction(exec, functionPrototype, Identifier(exec, "RegExp"))
     , d(new RegExpConstructorPrivate)
 {

trunk/JavaScriptCore/kjs/RegExpObject.cpp

@@ -31 +31 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(RegExpObject);
+
 const ClassInfo RegExpObject::info = { "RegExp", 0, 0, ExecState::regExpTable };
 
@@ -45 +47 @@
 RegExpObject::RegExpObject(RegExpPrototype* regExpPrototype, PassRefPtr<RegExp> regExp)
     : JSObject(regExpPrototype)
-    , m_regExp(regExp)
-    , m_lastIndex(0)
+    , d(new RegExpObjectData(regExp, 0))
 {
 }
@@ -63 +64 @@
     switch (token) {
         case Global:
-            return jsBoolean(m_regExp->global());
+            return jsBoolean(d->regExp->global());
         case IgnoreCase:
-            return jsBoolean(m_regExp->ignoreCase());
+            return jsBoolean(d->regExp->ignoreCase());
         case Multiline:
-            return jsBoolean(m_regExp->multiline());
+            return jsBoolean(d->regExp->multiline());
         case Source:
-            return jsString(exec, m_regExp->pattern());
+            return jsString(exec, d->regExp->pattern());
         case LastIndex:
-            return jsNumber(exec, m_lastIndex);
+            return jsNumber(exec, d->lastIndex);
     }
     
@@ -87 +88 @@
     UNUSED_PARAM(token);
     ASSERT(token == LastIndex);
-    m_lastIndex = value->toInteger(exec);
+    d->lastIndex = value->toInteger(exec);
 }
 
@@ -108 +109 @@
     int lastIndex = 0;
     if (global) {
-        if (m_lastIndex < 0 || m_lastIndex > input.size()) {
-            m_lastIndex = 0;
+        if (d->lastIndex < 0 || d->lastIndex > input.size()) {
+            d->lastIndex = 0;
             return false;
         }
-        lastIndex = static_cast<int>(m_lastIndex);
+        lastIndex = static_cast<int>(d->lastIndex);
     }
 
     int foundIndex;
     int foundLength;
-    regExpObj->performMatch(m_regExp.get(), input, lastIndex, foundIndex, foundLength);
+    regExpObj->performMatch(d->regExp.get(), input, lastIndex, foundIndex, foundLength);
 
     if (global) {
         lastIndex = foundIndex < 0 ? 0 : foundIndex + foundLength;
-        m_lastIndex = lastIndex;
+        d->lastIndex = lastIndex;
     }
 

trunk/JavaScriptCore/kjs/RegExpObject.h

@@ -36 +36 @@
         virtual ~RegExpObject();
 
-        void setRegExp(PassRefPtr<RegExp> r) { m_regExp = r; }
-        RegExp* regExp() const { return m_regExp.get(); }
+        void setRegExp(PassRefPtr<RegExp> r) { d->regExp = r; }
+        RegExp* regExp() const { return d->regExp.get(); }
 
         JSValue* test(ExecState*, const ArgList&);
@@ -50 +50 @@
         static const ClassInfo info;
 
-        void setLastIndex(double lastIndex) { m_lastIndex = lastIndex; }
+        void setLastIndex(double lastIndex) { d->lastIndex = lastIndex; }
 
     private:
@@ -56 +56 @@
 
         virtual CallType getCallData(CallData&);
+        
+        struct RegExpObjectData {
+            RegExpObjectData(PassRefPtr<RegExp> regExp_, double lastIndex_)
+                : regExp(regExp_)
+                , lastIndex(lastIndex_)
+            {
+            }
 
-        RefPtr<RegExp> m_regExp;
-        double m_lastIndex;
+            RefPtr<RegExp> regExp;
+            double lastIndex;
+        };
+        
+        OwnPtr<RegExpObjectData> d;
     };
 

trunk/JavaScriptCore/kjs/RegExpPrototype.cpp

@@ -35 +35 @@
 namespace KJS {
 
+ASSERT_CLASS_FITS_IN_CELL(RegExpPrototype);
+
 static JSValue* regExpProtoFuncTest(ExecState*, JSObject*, JSValue*, const ArgList&);
 static JSValue* regExpProtoFuncExec(ExecState*, JSObject*, JSValue*, const ArgList&);
@@ -47 +49 @@
     : JSObject(objectPrototype)
 {
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().compile, regExpProtoFuncCompile), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().exec, regExpProtoFuncExec), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().test, regExpProtoFuncTest), DontEnum);
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, regExpProtoFuncToString), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().compile, regExpProtoFuncCompile), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().exec, regExpProtoFuncExec), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().test, regExpProtoFuncTest), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 0, exec->propertyNames().toString, regExpProtoFuncToString), DontEnum);
 }
 

trunk/JavaScriptCore/kjs/Shell.cpp

@@ -166 +166 @@
 };
 COMPILE_ASSERT(!IsInteger<GlobalObject>::value, WTF_IsInteger_GlobalObject_false);
+ASSERT_CLASS_FITS_IN_CELL(GlobalObject);
 
 GlobalObject::GlobalObject(Vector<UString>& arguments)
 {
-    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, Identifier(globalExec(), "debug"), functionDebug));
-    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, Identifier(globalExec(), "print"), functionPrint));
-    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 0, Identifier(globalExec(), "quit"), functionQuit));
-    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 0, Identifier(globalExec(), "gc"), functionGC));
-    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, Identifier(globalExec(), "version"), functionVersion));
-    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, Identifier(globalExec(), "run"), functionRun));
-    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, Identifier(globalExec(), "load"), functionLoad));
-    putDirectFunction(new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 0, Identifier(globalExec(), "readline"), functionReadline));
+    putDirectFunction(globalExec(), new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, Identifier(globalExec(), "debug"), functionDebug));
+    putDirectFunction(globalExec(), new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, Identifier(globalExec(), "print"), functionPrint));
+    putDirectFunction(globalExec(), new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 0, Identifier(globalExec(), "quit"), functionQuit));
+    putDirectFunction(globalExec(), new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 0, Identifier(globalExec(), "gc"), functionGC));
+    putDirectFunction(globalExec(), new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, Identifier(globalExec(), "version"), functionVersion));
+    putDirectFunction(globalExec(), new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, Identifier(globalExec(), "run"), functionRun));
+    putDirectFunction(globalExec(), new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 1, Identifier(globalExec(), "load"), functionLoad));
+    putDirectFunction(globalExec(), new (globalExec()) PrototypeFunction(globalExec(), functionPrototype(), 0, Identifier(globalExec(), "readline"), functionReadline));
 
     JSObject* array = constructEmptyArray(globalExec());

trunk/JavaScriptCore/kjs/StringConstructor.cpp

@@ -45 +45 @@
 }
 
+ASSERT_CLASS_FITS_IN_CELL(StringConstructor);
+
 StringConstructor::StringConstructor(ExecState* exec, FunctionPrototype* functionPrototype, StringPrototype* stringPrototype)
-    : InternalFunction(functionPrototype, Identifier(exec, stringPrototype->classInfo()->className))
+    : InternalFunction(exec, functionPrototype, Identifier(exec, stringPrototype->classInfo()->className))
 {
     // ECMA 15.5.3.1 String.prototype
@@ -52 +54 @@
 
     // ECMA 15.5.3.2 fromCharCode()
-    putDirectFunction(new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().fromCharCode, stringFromCharCode), DontEnum);
+    putDirectFunction(exec, new (exec) PrototypeFunction(exec, functionPrototype, 1, exec->propertyNames().fromCharCode, stringFromCharCode), DontEnum);
 
     // no. of arguments for constructor

trunk/JavaScriptCore/kjs/StringObject.cpp

@@ -25 +25 @@
 
 namespace KJS {
+
+ASSERT_CLASS_FITS_IN_CELL(StringObject);
 
 const ClassInfo StringObject::info = { "String", 0, 0, 0 };

trunk/JavaScriptCore/kjs/StringPrototype.cpp

@@ -34 +34 @@
 
 namespace KJS {
+
+ASSERT_CLASS_FITS_IN_CELL(StringPrototype);
 
 static JSValue* stringProtoFuncToString(ExecState*, JSObject*, JSValue*, const ArgList&);

trunk/JavaScriptCore/kjs/collector.h

@@ -34 +34 @@
 #include <pthread.h>
 #endif
+
+#define ASSERT_CLASS_FITS_IN_CELL(class) COMPILE_ASSERT(sizeof(class) <= CELL_SIZE, class_fits_in_cell)
 
 namespace KJS {

trunk/JavaScriptCore/profiler/Profiler.cpp

@@ -30 +30 @@
 #include "Profiler.h"
 
+#include "CommonIdentifiers.h"
 #include "ExecState.h"
 #include "JSFunction.h"
@@ -44 +45 @@
 static unsigned ProfilesUID = 0;
 
-static CallIdentifier createCallIdentifier(JSObject*);
-static CallIdentifier createCallIdentifier(const UString& sourceURL, int startingLineNumber);
-static CallIdentifier createCallIdentifierFromFunctionImp(JSFunction*);
+static CallIdentifier createCallIdentifier(ExecState*, JSObject*);
+static CallIdentifier createCallIdentifier(ExecState*, const UString& sourceURL, int startingLineNumber);
+static CallIdentifier createCallIdentifierFromFunctionImp(ExecState*, JSFunction*);
 
 Profiler* Profiler::s_sharedProfiler = 0;
@@ -116 +117 @@
     ASSERT(!m_currentProfiles.isEmpty());
 
-    dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::willExecute, createCallIdentifier(calledFunction), exec->lexicalGlobalObject()->profileGroup());
+    dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::willExecute, createCallIdentifier(exec, calledFunction), exec->lexicalGlobalObject()->profileGroup());
 }
 
@@ -123 +124 @@
     ASSERT(!m_currentProfiles.isEmpty());
 
-    CallIdentifier callIdentifier = createCallIdentifier(sourceURL, startingLineNumber);
+    CallIdentifier callIdentifier = createCallIdentifier(exec, sourceURL, startingLineNumber);
 
     dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::willExecute, callIdentifier, exec->lexicalGlobalObject()->profileGroup());
@@ -132 +133 @@
     ASSERT(!m_currentProfiles.isEmpty());
 
-    dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::didExecute, createCallIdentifier(calledFunction), exec->lexicalGlobalObject()->profileGroup());
+    dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::didExecute, createCallIdentifier(exec, calledFunction), exec->lexicalGlobalObject()->profileGroup());
 }
 
@@ -139 +140 @@
     ASSERT(!m_currentProfiles.isEmpty());
 
-    dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::didExecute, createCallIdentifier(sourceURL, startingLineNumber), exec->lexicalGlobalObject()->profileGroup());
+    dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::didExecute, createCallIdentifier(exec, sourceURL, startingLineNumber), exec->lexicalGlobalObject()->profileGroup());
 }
 
-CallIdentifier createCallIdentifier(JSObject* calledFunction)
+CallIdentifier createCallIdentifier(ExecState* exec, JSObject* calledFunction)
 {
     if (calledFunction->inherits(&JSFunction::info))
-        return createCallIdentifierFromFunctionImp(static_cast<JSFunction*>(calledFunction));
+        return createCallIdentifierFromFunctionImp(exec, static_cast<JSFunction*>(calledFunction));
     if (calledFunction->inherits(&InternalFunction::info))
-        return CallIdentifier(static_cast<InternalFunction*>(calledFunction)->functionName().ustring(), "", 0);
+        return CallIdentifier(static_cast<InternalFunction*>(calledFunction)->name(exec), "", 0);
 
     UString name = "(" + calledFunction->className() + " object)";
@@ -153 +154 @@
 }
 
-CallIdentifier createCallIdentifier(const UString& sourceURL, int startingLineNumber)
+CallIdentifier createCallIdentifier(ExecState*, const UString& sourceURL, int startingLineNumber)
 {
     return CallIdentifier(GlobalCodeExecution, sourceURL, startingLineNumber);
 }
 
-CallIdentifier createCallIdentifierFromFunctionImp(JSFunction* functionImp)
+CallIdentifier createCallIdentifierFromFunctionImp(ExecState* exec, JSFunction* function)
 {
-    UString name = functionImp->functionName().ustring();
-    if (name.isEmpty())
-        name = AnonymousFunction;
-
-    return CallIdentifier(name, functionImp->m_body->sourceURL(), functionImp->m_body->lineNo());
+    const UString& name = function->name(exec);
+    return CallIdentifier(name.isEmpty() ? AnonymousFunction : name, function->m_body->sourceURL(), function->m_body->lineNo());
 }
 

trunk/WebCore/ChangeLog

@@ +1 @@
+2008-08-17  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Cameron Zwarich.
+
+        Made room for a free word in JSCell.
+        
+        Changed JSDOMWindowBase to store its auxiliary data in a subclass of
+        JSGlobalData, so the two could share a pointer.
+        
+        Added a bunch of ASSERTs, to help catch over-sized objects.
+
 2008-08-15  Mark Rowe  <[email protected]>
 

trunk/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -15457 +15457 @@
                         projectDirPath = "";
                         projectRoot = "";
-                        projectRoots = (
-                                "",
-                        );
                         targets = (
                                 93F198A508245E59001E9ABC /* WebCore */,

trunk/WebCore/bindings/js/JSDOMWindowBase.cpp

@@ -193 +193 @@
 */
 
+JSDOMWindowBase::JSDOMWindowBaseData::JSDOMWindowBaseData(PassRefPtr<DOMWindow> window_, JSDOMWindowBase* jsWindow_, JSDOMWindowShell* shell_)
+    : JSGlobalObjectData(jsWindow_, shell_)
+    , impl(window_)
+    , evt(0)
+    , returnValueSlot(0)
+    , shell(shell_)
+{
+}
+
 JSDOMWindowBase::JSDOMWindowBase(JSObject* prototype, DOMWindow* window, JSDOMWindowShell* shell)
-    : JSGlobalObject(prototype, shell)
-    , m_impl(window)
-    , d(new JSDOMWindowBasePrivate(shell))
+    : JSGlobalObject(prototype, new JSDOMWindowBaseData(window, this, shell), shell)
 {
     // Time in milliseconds before the script timeout handler kicks in.
@@ -203 +210 @@
     GlobalPropertyInfo staticGlobals[] = {
         GlobalPropertyInfo(Identifier(globalExec(), "document"), jsNull(), DontDelete | ReadOnly),
-        GlobalPropertyInfo(Identifier(globalExec(), "window"), d->m_shell, DontDelete | ReadOnly)
+        GlobalPropertyInfo(Identifier(globalExec(), "window"), d()->shell, DontDelete | ReadOnly)
     };
     
@@ -211 +218 @@
 void JSDOMWindowBase::updateDocument()
 {
-    ASSERT(m_impl->document());
+    ASSERT(d()->impl->document());
     ExecState* exec = globalExec();
-    symbolTablePutWithAttributes(Identifier(exec, "document"), toJS(exec, m_impl->document()), DontDelete | ReadOnly);
+    symbolTablePutWithAttributes(Identifier(exec, "document"), toJS(exec, d()->impl->document()), DontDelete | ReadOnly);
 }
 
 JSDOMWindowBase::~JSDOMWindowBase()
 {
-    if (m_impl->frame())
-        m_impl->frame()->script()->clearFormerWindow(asJSDOMWindow(this));
+    if (d()->impl->frame())
+        d()->impl->frame()->script()->clearFormerWindow(asJSDOMWindow(this));
 
     clearAllTimeouts();
@@ -225 +232 @@
     // Clear any backpointers to the window
 
-    ListenersMap::iterator i2 = d->jsEventListeners.begin();
-    ListenersMap::iterator e2 = d->jsEventListeners.end();
+    ListenersMap::iterator i2 = d()->jsEventListeners.begin();
+    ListenersMap::iterator e2 = d()->jsEventListeners.end();
     for (; i2 != e2; ++i2)
         i2->second->clearWindow();
-    i2 = d->jsHTMLEventListeners.begin();
-    e2 = d->jsHTMLEventListeners.end();
+    i2 = d()->jsHTMLEventListeners.begin();
+    e2 = d()->jsHTMLEventListeners.end();
     for (; i2 != e2; ++i2)
         i2->second->clearWindow();
 
-    UnprotectedListenersMap::iterator i1 = d->jsUnprotectedEventListeners.begin();
-    UnprotectedListenersMap::iterator e1 = d->jsUnprotectedEventListeners.end();
+    UnprotectedListenersMap::iterator i1 = d()->jsUnprotectedEventListeners.begin();
+    UnprotectedListenersMap::iterator e1 = d()->jsUnprotectedEventListeners.end();
     for (; i1 != e1; ++i1)
         i1->second->clearWindow();
-    i1 = d->jsUnprotectedHTMLEventListeners.begin();
-    e1 = d->jsUnprotectedHTMLEventListeners.end();
+    i1 = d()->jsUnprotectedHTMLEventListeners.begin();
+    e1 = d()->jsUnprotectedHTMLEventListeners.end();
     for (; i1 != e1; ++i1)
         i1->second->clearWindow();
@@ -432 +439 @@
       if (!allowsAccessFrom(exec))
         return jsUndefined();
-      if (!d->m_evt)
-        return jsUndefined();
-      return toJS(exec, d->m_evt);
+      if (!d()->evt)
+        return jsUndefined();
+      return toJS(exec, d()->evt);
     case Image:
       if (!allowsAccessFrom(exec))
@@ -835 +842 @@
         return 0;
     JSObject* object = static_cast<JSObject*>(val);
-    ListenersMap& listeners = html ? d->jsHTMLEventListeners : d->jsEventListeners;
+    ListenersMap& listeners = html ? d()->jsHTMLEventListeners : d()->jsEventListeners;
     return listeners.get(object);
 }
@@ -858 +865 @@
         return 0;
     JSObject* object = static_cast<JSObject*>(val);
-    UnprotectedListenersMap& listeners = html ? d->jsUnprotectedHTMLEventListeners : d->jsUnprotectedEventListeners;
+    UnprotectedListenersMap& listeners = html ? d()->jsUnprotectedHTMLEventListeners : d()->jsUnprotectedEventListeners;
     return listeners.get(object);
 }
@@ -877 +884 @@
 void JSDOMWindowBase::clearHelperObjectProperties()
 {
-    d->m_evt = 0;
+    d()->evt = 0;
 }
 
 void JSDOMWindowBase::clear()
 {
-    if (d->m_returnValueSlot && !*d->m_returnValueSlot)
-        *d->m_returnValueSlot = getDirect(Identifier(globalExec(), "returnValue"));
+    if (d()->returnValueSlot && !*d()->returnValueSlot)
+        *d()->returnValueSlot = getDirect(Identifier(globalExec(), "returnValue"));
 
     clearAllTimeouts();
@@ -891 +898 @@
 void JSDOMWindowBase::setCurrentEvent(Event* evt)
 {
-    d->m_evt = evt;
+    d()->evt = evt;
 }
 
 Event* JSDOMWindowBase::currentEvent()
 {
-    return d->m_evt;
+    return d()->evt;
 }
 
@@ -906 +913 @@
 JSDOMWindowShell* JSDOMWindowBase::shell() const
 {
-    return d->m_shell;
+    return d()->shell;
 }
 
@@ -1154 +1161 @@
 void JSDOMWindowBase::setReturnValueSlot(JSValue** slot)
 {
-    d->m_returnValueSlot = slot;
+    d()->returnValueSlot = slot;
 }
 
@@ -1161 +1168 @@
 void JSDOMWindowBase::clearAllTimeouts()
 {
-    deleteAllValues(d->m_timeouts);
-    d->m_timeouts.clear();
+    deleteAllValues(d()->timeouts);
+    d()->timeouts.clear();
 }
 
@@ -1175 +1182 @@
     int nestLevel = timerNestingLevel + 1;
     DOMWindowTimer* timer = new DOMWindowTimer(timeoutId, nestLevel, this, a);
-    ASSERT(!d->m_timeouts.get(timeoutId));
-    d->m_timeouts.set(timeoutId, timer);
+    ASSERT(!d()->timeouts.get(timeoutId));
+    d()->timeouts.set(timeoutId, timer);
     // Use a minimum interval of 10 ms to match other browsers, but only once we've
     // nested enough to notice that we're repeating.
@@ -1202 +1209 @@
 PausedTimeouts* JSDOMWindowBase::pauseTimeouts()
 {
-    size_t count = d->m_timeouts.size();
+    size_t count = d()->timeouts.size();
     if (count == 0)
         return 0;
@@ -1209 +1216 @@
     PausedTimeouts* result = new PausedTimeouts(t, count);
 
-    JSDOMWindowBasePrivate::TimeoutsMap::iterator it = d->m_timeouts.begin();
+    JSDOMWindowBaseData::TimeoutsMap::iterator it = d()->timeouts.begin();
     for (size_t i = 0; i != count; ++i, ++it) {
         int timeoutId = it->first;
@@ -1219 +1226 @@
         t[i].action = timer->takeAction();
     }
-    ASSERT(it == d->m_timeouts.end());
-
-    deleteAllValues(d->m_timeouts);
-    d->m_timeouts.clear();
+    ASSERT(it == d()->timeouts.end());
+
+    deleteAllValues(d()->timeouts);
+    d()->timeouts.clear();
 
     return result;
@@ -1236 +1243 @@
         int timeoutId = array[i].timeoutId;
         DOMWindowTimer* timer = new DOMWindowTimer(timeoutId, array[i].nestingLevel, this, array[i].action);
-        d->m_timeouts.set(timeoutId, timer);
+        d()->timeouts.set(timeoutId, timer);
         timer->start(array[i].nextFireInterval, array[i].repeatInterval);
     }
@@ -1250 +1257 @@
         return;
 
-    delete d->m_timeouts.take(timeoutId);
+    delete d()->timeouts.take(timeoutId);
 }
 
@@ -1262 +1269 @@
         // The DOMWindowTimer object may have been deleted or replaced during execution,
         // so we re-fetch it.
-        timer = d->m_timeouts.get(timeoutId);
+        timer = d()->timeouts.get(timeoutId);
         if (!timer)
             return;
@@ -1276 +1283 @@
     // Delete timer before executing the action for one-shot timers.
     ScheduledAction* action = timer->takeAction();
-    d->m_timeouts.remove(timer->timeoutId());
+    d()->timeouts.remove(timer->timeoutId());
     delete timer;
     action->execute(shell());
@@ -1290 +1297 @@
 JSDOMWindowBase::ListenersMap& JSDOMWindowBase::jsEventListeners()
 {
-    return d->jsEventListeners;
+    return d()->jsEventListeners;
 }
 
 JSDOMWindowBase::ListenersMap& JSDOMWindowBase::jsHTMLEventListeners()
 {
-    return d->jsHTMLEventListeners;
+    return d()->jsHTMLEventListeners;
 }
 
 JSDOMWindowBase::UnprotectedListenersMap& JSDOMWindowBase::jsUnprotectedEventListeners()
 {
-    return d->jsUnprotectedEventListeners;
+    return d()->jsUnprotectedEventListeners;
 }
 
 JSDOMWindowBase::UnprotectedListenersMap& JSDOMWindowBase::jsUnprotectedHTMLEventListeners()
 {
-    return d->jsUnprotectedHTMLEventListeners;
+    return d()->jsUnprotectedHTMLEventListeners;
 }
 

trunk/WebCore/bindings/js/JSDOMWindowBase.h

@@ -61 +61 @@
         void updateDocument();
 
-        DOMWindow* impl() const { return m_impl.get(); }
+        DOMWindow* impl() const { return d()->impl.get(); }
 
         void disconnectFrame();
@@ -147 +147 @@
 
     private:
+        struct JSDOMWindowBaseData : public JSGlobalObjectData {
+            JSDOMWindowBaseData(PassRefPtr<DOMWindow> window_, JSDOMWindowBase* jsWindow_, JSDOMWindowShell* shell_);
+
+            RefPtr<DOMWindow> impl;
+
+            JSDOMWindowBase::ListenersMap jsEventListeners;
+            JSDOMWindowBase::ListenersMap jsHTMLEventListeners;
+            JSDOMWindowBase::UnprotectedListenersMap jsUnprotectedEventListeners;
+            JSDOMWindowBase::UnprotectedListenersMap jsUnprotectedHTMLEventListeners;
+            Event* evt;
+            KJS::JSValue** returnValueSlot;
+            JSDOMWindowShell* shell;
+
+            typedef HashMap<int, DOMWindowTimer*> TimeoutsMap;
+            TimeoutsMap timeouts;
+        };
+        
         KJS::JSValue* getListener(KJS::ExecState*, const AtomicString& eventType) const;
         void setListener(KJS::ExecState*, const AtomicString& eventType, KJS::JSValue* function);
@@ -160 +177 @@
         bool allowsAccessFromPrivate(const KJS::JSGlobalObject*) const;
         String crossDomainAccessErrorMessage(const KJS::JSGlobalObject*) const;
-
-        RefPtr<DOMWindow> m_impl;
-        OwnPtr<JSDOMWindowBasePrivate> d;
+        
+        JSDOMWindowBaseData* d() const { return static_cast<JSDOMWindowBaseData*>(KJS::JSVariableObject::d); }
     };
 

trunk/WebCore/bindings/js/JSDOMWindowCustom.h

@@ -25 +25 @@
 
 namespace WebCore {
-
-struct JSDOMWindowBasePrivate {
-    JSDOMWindowBasePrivate(JSDOMWindowShell* shell)
-        : m_evt(0)
-        , m_returnValueSlot(0)
-        , m_shell(shell)
-    {
-    }
-
-    JSDOMWindowBase::ListenersMap jsEventListeners;
-    JSDOMWindowBase::ListenersMap jsHTMLEventListeners;
-    JSDOMWindowBase::UnprotectedListenersMap jsUnprotectedEventListeners;
-    JSDOMWindowBase::UnprotectedListenersMap jsUnprotectedHTMLEventListeners;
-    Event* m_evt;
-    KJS::JSValue** m_returnValueSlot;
-    JSDOMWindowShell* m_shell;
-
-    typedef HashMap<int, DOMWindowTimer*> TimeoutsMap;
-    TimeoutsMap m_timeouts;
-};
 
 inline JSDOMWindow* asJSDOMWindow(KJS::JSGlobalObject* globalObject)
@@ -181 +161 @@
 {
     const JSDOMWindow* originWindow = asJSDOMWindow(other);
-    const JSDOMWindow* targetWindow = d->m_shell->window();
+    const JSDOMWindow* targetWindow = d()->shell->window();
 
     if (originWindow == targetWindow)

trunk/WebCore/bindings/js/JSDOMWindowShell.cpp

@@ -39 +39 @@
 
 namespace WebCore {
+
+ASSERT_CLASS_FITS_IN_CELL(JSDOMWindowShell)
 
 const ClassInfo JSDOMWindowShell::s_info = { "JSDOMWindowShell", 0, 0, 0 };

trunk/WebCore/bindings/js/JSEventListener.cpp

@@ -42 +42 @@
 using namespace EventNames;
 
+ASSERT_CLASS_FITS_IN_CELL(JSAbstractEventListener)
+
 void JSAbstractEventListener::handleEvent(Event* event, bool isWindowEvent)
 {

trunk/WebCore/bindings/js/JSEventTargetNode.cpp

@@ -35 +35 @@
 using namespace KJS;
 
+ASSERT_CLASS_FITS_IN_CELL(JSEventTargetNode)
+
 JSEventTargetNode::JSEventTargetNode(JSObject* prototype, Node* node)
     : JSNode(prototype, node)

trunk/WebCore/bindings/js/JSHTMLInputElementBase.cpp

@@ -26 +26 @@
 
 namespace WebCore {
+
+ASSERT_CLASS_FITS_IN_CELL(JSHTMLInputElementBase)
 
 static JSValue* jsHTMLInputElementBaseFunctionSetSelectionRange(ExecState*, JSObject*, JSValue*, const ArgList&);

trunk/WebCore/bindings/js/JSHTMLOptionElementConstructor.cpp

@@ -29 +29 @@
 
 namespace WebCore {
+
+ASSERT_CLASS_FITS_IN_CELL(JSHTMLOptionElementConstructor)
 
 const ClassInfo JSHTMLOptionElementConstructor::s_info = { "OptionConstructor", 0, 0, 0 };

trunk/WebCore/bindings/js/JSImageConstructor.cpp

@@ -28 +28 @@
 
 namespace WebCore {
+
+ASSERT_CLASS_FITS_IN_CELL(JSImageConstructor)
 
 const ClassInfo JSImageConstructor::s_info = { "ImageConstructor", 0, 0, 0 };

trunk/WebCore/bindings/js/JSInspectedObjectWrapper.cpp

@@ -32 +32 @@
 
 namespace WebCore {
+
+ASSERT_CLASS_FITS_IN_CELL(JSInspectedObjectWrapper)
 
 typedef HashMap<JSObject*, JSInspectedObjectWrapper*> WrapperMap;

trunk/WebCore/bindings/js/JSInspectorCallbackWrapper.cpp

@@ -32 +32 @@
 
 namespace WebCore {
+
+ASSERT_CLASS_FITS_IN_CELL(JSInspectorCallbackWrapper)
 
 typedef HashMap<JSObject*, JSInspectorCallbackWrapper*> WrapperMap;

trunk/WebCore/bindings/js/JSNSResolver.cpp

@@ -35 +35 @@
 
 namespace WebCore {
+
+ASSERT_CLASS_FITS_IN_CELL(JSNSResolver)
 
 JSNSResolver::JSNSResolver(JSValue* resolver)

trunk/WebCore/bindings/js/JSNamedNodesCollection.cpp

@@ -36 +36 @@
 using namespace KJS;
 
+ASSERT_CLASS_FITS_IN_CELL(JSNamedNodesCollection)
+
 const ClassInfo JSNamedNodesCollection::s_info = { "Collection", 0, 0, 0 };
 
@@ -43 +45 @@
 JSNamedNodesCollection::JSNamedNodesCollection(KJS::JSObject* prototype, const Vector<RefPtr<Node> >& nodes)
     : DOMObject(prototype)
-    , m_nodes(nodes)
+    , m_nodes(new Vector<RefPtr<Node> >(nodes))
 {
 }
@@ -50 +52 @@
 {
     JSNamedNodesCollection* thisObj = static_cast<JSNamedNodesCollection*>(slot.slotBase());
-    return jsNumber(exec, thisObj->m_nodes.size());
+    return jsNumber(exec, thisObj->m_nodes->size());
 }
 
@@ -56 +58 @@
 {
     JSNamedNodesCollection *thisObj = static_cast<JSNamedNodesCollection*>(slot.slotBase());
-    return toJS(exec, thisObj->m_nodes[slot.index()].get());
+    return toJS(exec, (*thisObj->m_nodes)[slot.index()].get());
 }
 
@@ -68 +70 @@
     bool ok;
     unsigned index = propertyName.toUInt32(&ok);
-    if (ok && index < m_nodes.size()) {
+    if (ok && index < m_nodes->size()) {
         slot.setCustomIndex(this, index, indexGetter);
         return true;
@@ -77 +79 @@
 
     AtomicString atomicPropertyName = propertyName;
-    for (unsigned i = 0; i < m_nodes.size(); i++) {
-        Node* node = m_nodes[i].get();
+    for (unsigned i = 0; i < m_nodes->size(); i++) {
+        Node* node = (*m_nodes)[i].get();
         if (node->hasAttributes() && node->attributes()->id() == atomicPropertyName) {
             slot.setCustomIndex(this, i, indexGetter);

trunk/WebCore/bindings/js/JSNamedNodesCollection.h

@@ -49 +49 @@
         static KJS::JSValue* indexGetter(KJS::ExecState*, const KJS::Identifier&, const KJS::PropertySlot&);
 
-        Vector<RefPtr<Node> > m_nodes;
+        OwnPtr<Vector<RefPtr<Node> > > m_nodes;
     };
 

trunk/WebCore/bindings/js/JSNodeFilterCondition.cpp

@@ -28 +28 @@
 
 using namespace KJS;
+
+ASSERT_CLASS_FITS_IN_CELL(JSNodeFilterCondition)
 
 JSNodeFilterCondition::JSNodeFilterCondition(JSValue* filter)

trunk/WebCore/bindings/js/JSQuarantinedObjectWrapper.cpp

@@ -33 +33 @@
 namespace WebCore {
 
+ASSERT_CLASS_FITS_IN_CELL(JSQuarantinedObjectWrapper)
+
 const ClassInfo JSQuarantinedObjectWrapper::s_info = { "JSQuarantinedObjectWrapper", 0, 0, 0 };
 

trunk/WebCore/bindings/js/JSRGBColor.cpp

@@ -32 +32 @@
 
 namespace WebCore {
+
+ASSERT_CLASS_FITS_IN_CELL(JSRGBColor)
 
 const ClassInfo JSRGBColor::s_info = { "RGBColor", 0, &JSRGBColorTable, 0 };

trunk/WebCore/bindings/js/JSXMLHttpRequestConstructor.cpp

@@ -29 +29 @@
 namespace WebCore {
 
+ASSERT_CLASS_FITS_IN_CELL(JSXMLHttpRequestConstructor)
+
 const ClassInfo JSXMLHttpRequestConstructor::s_info = { "XMLHttpRequestConstructor", 0, 0, 0 };
 

trunk/WebCore/bindings/js/JSXSLTProcessorConstructor.cpp

@@ -38 +38 @@
 namespace WebCore {
 
+ASSERT_CLASS_FITS_IN_CELL(JSXSLTProcessorConstructor)
+
 const ClassInfo JSXSLTProcessorConstructor::s_info = { "XSLTProcessorConsructor", 0, 0, 0 };
 

trunk/WebCore/bindings/scripts/CodeGeneratorJS.pm

@@ -727 +727 @@
     push(@implContent, "\nusing namespace KJS;\n\n");
     push(@implContent, "namespace WebCore {\n\n");
+
+    push(@implContent, "ASSERT_CLASS_FITS_IN_CELL($className)\n\n");
 
     # - Add all attributes in a hashtable definition

trunk/WebCore/bridge/jni/jni_utility.cpp

@@ -355 +355 @@
     // other than a string.
     JSArray *jsArray = static_cast<JSArray *>(value);
-    unsigned length = jsArray->getLength();
+    unsigned length = jsArray->length();
     jobjectArray jarray = 0;
     

trunk/WebCore/bridge/runtime_method.cpp

@@ -35 +35 @@
 using namespace Bindings;
 
+ASSERT_CLASS_FITS_IN_CELL(RuntimeMethod);
+
 RuntimeMethod::RuntimeMethod(ExecState *exec, const Identifier &ident, Bindings::MethodList &m) 
-    : InternalFunction(exec->lexicalGlobalObject()->functionPrototype(), ident)
+    : InternalFunction(exec, exec->lexicalGlobalObject()->functionPrototype(), ident)
     , _methodList(new MethodList(m))
 {

trunk/WebKit/mac/ChangeLog

@@ +1 @@
+2008-08-17  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Cameron Zwarich.
+
+        Made room for a free word in JSCell.
+        
+        (Updated for JavaScriptCore changes.)
+
 2008-08-15  Mark Rowe  <[email protected]>
 

trunk/WebKit/mac/WebView/WebScriptDebugger.mm

@@ -81 +81 @@
 {
     attach(globalObject);
-    DebuggerCallFrame globalCallFrame(globalObject, 0, globalObject->globalScopeChain().node(), 0, 0);
+    DebuggerCallFrame globalCallFrame(0, globalObject, 0, globalObject->globalScopeChain().node(), 0, 0);
     callEvent(globalCallFrame, 0, -1);
 }

trunk/WebKit/mac/WebView/WebView.mm

@@ -3251 +3251 @@
                     JSArray* array = static_cast<JSArray*>(object);
                     aeDesc = [NSAppleEventDescriptor listDescriptor];
-                    unsigned numItems = array->getLength();
+                    unsigned numItems = array->length();
                     for (unsigned i = 0; i < numItems; ++i)
                         [aeDesc insertDescriptor:aeDescFromJSValue(exec, array->get(exec, i)) atIndex:0];