Changeset 47022 in webkit for trunk/JavaScriptCore

Timestamp:

Aug 10, 2009, 9:35:02 PM (16 years ago)

Author:

[email protected]

Message:

Stack overflow crash in JavaScript garbage collector mark pass
​https://bugs.webkit.org/show_bug.cgi?id=12216

Reviewed by Gavin Barraclough and Sam Weinig

Make the GC mark phase iterative by using an explicit mark stack.
To do this marking any single object is performed in multiple stages

• The object is appended to the MarkStack, this sets the marked bit for the object using the new markDirect() function, and then returns
• When the MarkStack is drain()ed the object is popped off the stack and markChildren(MarkStack&) is called on the object to collect all of its children. drain() then repeats until the stack is empty.

Additionally I renamed a number of methods from 'mark' to 'markAggregate'
in order to make it more clear that marking of those object was not
going to result in an actual recursive mark.

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• GNUmakefile.am (modified) (2 diffs)
• JavaScriptCore.exp (modified) (6 diffs)
• JavaScriptCore.gypi (modified) (1 diff)
• JavaScriptCore.pri (modified) (1 diff)
• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj (modified) (1 diff)
• JavaScriptCore.xcodeproj/project.pbxproj (modified) (7 diffs)
• bytecode/CodeBlock.cpp (modified) (1 diff)
• bytecode/CodeBlock.h (modified) (1 diff)
• bytecode/EvalCodeCache.h (modified) (1 diff)
• debugger/DebuggerActivation.cpp (modified) (2 diffs)
• debugger/DebuggerActivation.h (modified) (2 diffs)
• interpreter/Register.h (modified) (3 diffs)
• interpreter/RegisterFile.h (modified) (2 diffs)
• parser/Nodes.cpp (modified) (4 diffs)
• parser/Nodes.h (modified) (4 diffs)
• runtime/ArgList.cpp (modified) (2 diffs)
• runtime/ArgList.h (modified) (1 diff)
• runtime/Arguments.cpp (modified) (2 diffs)
• runtime/Arguments.h (modified) (2 diffs)
• runtime/Collector.cpp (modified) (15 diffs)
• runtime/Collector.h (modified) (3 diffs)
• runtime/GetterSetter.cpp (modified) (2 diffs)
• runtime/GetterSetter.h (modified) (4 diffs)
• runtime/GlobalEvalFunction.cpp (modified) (2 diffs)
• runtime/GlobalEvalFunction.h (modified) (2 diffs)
• runtime/JSAPIValueWrapper.h (modified) (3 diffs)
• runtime/JSActivation.cpp (modified) (3 diffs)
• runtime/JSActivation.h (modified) (2 diffs)
• runtime/JSArray.cpp (modified) (2 diffs)
• runtime/JSArray.h (modified) (2 diffs)
• runtime/JSCell.h (modified) (6 diffs)
• runtime/JSFunction.cpp (modified) (2 diffs)
• runtime/JSFunction.h (modified) (1 diff)
• runtime/JSGlobalData.cpp (modified) (3 diffs)
• runtime/JSGlobalData.h (modified) (3 diffs)
• runtime/JSGlobalObject.cpp (modified) (3 diffs)
• runtime/JSGlobalObject.h (modified) (2 diffs)
• runtime/JSNotAnObject.cpp (modified) (2 diffs)
• runtime/JSNotAnObject.h (modified) (2 diffs)
• runtime/JSONObject.cpp (modified) (3 diffs)
• runtime/JSONObject.h (modified) (1 diff)
• runtime/JSObject.cpp (modified) (4 diffs)
• runtime/JSObject.h (modified) (2 diffs)
• runtime/JSPropertyNameIterator.cpp (modified) (2 diffs)
• runtime/JSPropertyNameIterator.h (modified) (5 diffs)
• runtime/JSStaticScopeObject.cpp (modified) (2 diffs)
• runtime/JSStaticScopeObject.h (modified) (2 diffs)
• runtime/JSType.h (modified) (1 diff)
• runtime/JSValue.h (modified) (3 diffs)
• runtime/JSWrapperObject.cpp (modified) (2 diffs)
• runtime/JSWrapperObject.h (modified) (1 diff)
• runtime/MarkStack.cpp (copied) (copied from trunk/WebCore/bindings/js/JSWorkerCustom.cpp ) (2 diffs)
• runtime/MarkStack.h (added)
• runtime/MarkStackPosix.cpp (copied) (copied from trunk/WebCore/bindings/js/JSWorkerCustom.cpp ) (2 diffs)
• runtime/MarkStackWin.cpp (copied) (copied from trunk/WebCore/bindings/js/JSWorkerCustom.cpp ) (2 diffs)
• runtime/ScopeChain.h (modified) (2 diffs)
• runtime/ScopeChainMark.h (modified) (2 diffs)
• runtime/SmallStrings.cpp (modified) (1 diff)
• runtime/Structure.h (modified) (3 diffs)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2009-08-07  Oliver Hunt  <[email protected]>
+
+        Reviewed by Gavin Barraclough.
+
+        Stack overflow crash in JavaScript garbage collector mark pass
+        https://bugs.webkit.org/show_bug.cgi?id=12216
+
+        Make the GC mark phase iterative by using an explicit mark stack.
+        To do this marking any single object is performed in multiple stages
+          * The object is appended to the MarkStack, this sets the marked
+            bit for the object using the new markDirect() function, and then
+            returns
+          * When the MarkStack is drain()ed the object is popped off the stack
+            and markChildren(MarkStack&) is called on the object to collect 
+            all of its children.  drain() then repeats until the stack is empty.
+
+        Additionally I renamed a number of methods from 'mark' to 'markAggregate'
+        in order to make it more clear that marking of those object was not
+        going to result in an actual recursive mark.
+
+        * GNUmakefile.am
+        * JavaScriptCore.exp:
+        * JavaScriptCore.gypi:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::markAggregate):
+        * bytecode/CodeBlock.h:
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::markAggregate):
+        * debugger/DebuggerActivation.cpp:
+        (JSC::DebuggerActivation::markChildren):
+        * debugger/DebuggerActivation.h:
+        * interpreter/Register.h:
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::markGlobals):
+        (JSC::RegisterFile::markCallFrames):
+        * parser/Nodes.cpp:
+        (JSC::ScopeNodeData::markAggregate):
+        (JSC::EvalNode::markAggregate):
+        (JSC::FunctionBodyNode::markAggregate):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::markAggregate):
+        * runtime/ArgList.cpp:
+        (JSC::MarkedArgumentBuffer::markLists):
+        * runtime/ArgList.h:
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::markChildren):
+        * runtime/Arguments.h:
+        * runtime/Collector.cpp:
+        (JSC::Heap::markConservatively):
+        (JSC::Heap::markCurrentThreadConservativelyInternal):
+        (JSC::Heap::markCurrentThreadConservatively):
+        (JSC::Heap::markOtherThreadConservatively):
+        (JSC::Heap::markStackObjectsConservatively):
+        (JSC::Heap::markProtectedObjects):
+        (JSC::Heap::collect):
+        * runtime/Collector.h:
+        * runtime/GetterSetter.cpp:
+        (JSC::GetterSetter::markChildren):
+        * runtime/GetterSetter.h:
+        (JSC::GetterSetter::GetterSetter):
+        (JSC::GetterSetter::createStructure):
+        * runtime/GlobalEvalFunction.cpp:
+        (JSC::GlobalEvalFunction::markChildren):
+        * runtime/GlobalEvalFunction.h:
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::markChildren):
+        * runtime/JSActivation.h:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::markChildren):
+        * runtime/JSArray.h:
+        * runtime/JSCell.h:
+        (JSC::JSCell::markCellDirect):
+        (JSC::JSCell::markChildren):
+        (JSC::JSValue::markDirect):
+        (JSC::JSValue::markChildren):
+        (JSC::JSValue::hasChildren):
+        (JSC::MarkStack::append):
+        (JSC::MarkStack::drain):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::markChildren):
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::markIfNeeded):
+        (JSC::JSGlobalObject::markChildren):
+        * runtime/JSGlobalObject.h:
+        * runtime/JSNotAnObject.cpp:
+        (JSC::JSNotAnObject::markChildren):
+        * runtime/JSNotAnObject.h:
+        * runtime/JSONObject.cpp:
+        (JSC::Stringifier::markAggregate):
+        (JSC::JSONObject::markStringifiers):
+        * runtime/JSONObject.h:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::markChildren):
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        * runtime/JSObject.h:
+        * runtime/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::markChildren):
+        * runtime/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::createStructure):
+        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+        (JSC::JSPropertyNameIterator::create):
+        * runtime/JSStaticScopeObject.cpp:
+        (JSC::JSStaticScopeObject::markChildren):
+        * runtime/JSStaticScopeObject.h:
+        * runtime/JSType.h:
+        (JSC::):
+        * runtime/JSValue.h:
+        * runtime/JSWrapperObject.cpp:
+        (JSC::JSWrapperObject::markChildren):
+        * runtime/JSWrapperObject.h:
+        * runtime/MarkStack.cpp: Added.
+        (JSC::MarkStack::compact):
+        * runtime/MarkStack.h: Added.
+        (JSC::):
+        (JSC::MarkStack::MarkStack):
+        (JSC::MarkStack::append):
+        (JSC::MarkStack::appendValues):
+        (JSC::MarkStack::~MarkStack):
+        (JSC::MarkStack::MarkSet::MarkSet):
+        (JSC::MarkStack::pageSize):
+        
+        MarkStackArray is a non-shrinking, mmap-based vector type
+        used for storing objects to be marked.
+        (JSC::MarkStack::MarkStackArray::MarkStackArray):
+        (JSC::MarkStack::MarkStackArray::~MarkStackArray):
+        (JSC::MarkStack::MarkStackArray::expand):
+        (JSC::MarkStack::MarkStackArray::append):
+        (JSC::MarkStack::MarkStackArray::removeLast):
+        (JSC::MarkStack::MarkStackArray::isEmpty):
+        (JSC::MarkStack::MarkStackArray::size):
+        (JSC::MarkStack::MarkStackArray::shrinkAllocation):
+        * runtime/MarkStackPosix.cpp: Added.
+        (JSC::MarkStack::allocateStack):
+        (JSC::MarkStack::releaseStack):
+        * runtime/MarkStackWin.cpp: Added.
+        (JSC::MarkStack::allocateStack):
+        (JSC::MarkStack::releaseStack):
+
+        * runtime/ScopeChain.h:
+        * runtime/ScopeChainMark.h:
+        (JSC::ScopeChain::markAggregate):
+        * runtime/SmallStrings.cpp:
+        (JSC::SmallStrings::mark):
+        * runtime/Structure.h:
+        (JSC::Structure::markAggregate):
+
 2009-08-10  Mark Rowe  <[email protected]>
         

trunk/JavaScriptCore/GNUmakefile.am

@@ -192 +192 @@
         JavaScriptCore/runtime/LiteralParser.cpp \
         JavaScriptCore/runtime/LiteralParser.h \
+        JavaScriptCore/runtime/MarkStack.cpp \
+        JavaScriptCore/runtime/MarkStack.h \
+        JavaScriptCore/runtime/MarkStackPosix.cpp \
         JavaScriptCore/runtime/SmallStrings.cpp \
         JavaScriptCore/runtime/SmallStrings.h \
@@ -437 +440 @@
         JavaScriptCore/runtime/Lookup.cpp \
         JavaScriptCore/runtime/Lookup.h \
+        JavaScriptCore/runtime/MarkStack.cpp \
+        JavaScriptCore/runtime/MarkStack.h \
+        JavaScriptCore/runtime/MarkStackWin.cpp \
         JavaScriptCore/runtime/MathObject.cpp \
         JavaScriptCore/runtime/MathObject.h \

trunk/JavaScriptCore/JavaScriptCore.exp

@@ -132 +132 @@
 __ZN3JSC14JSGlobalObject12defineGetterEPNS_9ExecStateERKNS_10IdentifierEPNS_8JSObjectE
 __ZN3JSC14JSGlobalObject12defineSetterEPNS_9ExecStateERKNS_10IdentifierEPNS_8JSObjectE
+__ZN3JSC14JSGlobalObject12markChildrenERNS_9MarkStackE
 __ZN3JSC14JSGlobalObject17putWithAttributesEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueEj
 __ZN3JSC14JSGlobalObject3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE  
 __ZN3JSC14JSGlobalObject4initEPNS_8JSObjectE
-__ZN3JSC14JSGlobalObject4markEv
 __ZN3JSC14JSGlobalObjectD2Ev
 __ZN3JSC14JSGlobalObjectnwEmPNS_12JSGlobalDataE
@@ -142 +142 @@
 __ZN3JSC14TimeoutChecker5resetEv
 __ZN3JSC14constructArrayEPNS_9ExecStateERKNS_7ArgListE
-__ZN3JSC15JSWrapperObject4markEv
+__ZN3JSC15JSWrapperObject12markChildrenERNS_9MarkStackE
 __ZN3JSC15toInt32SlowCaseEdRb
 __ZN3JSC16FunctionBodyNode13finishParsingEPNS_10IdentifierEm
@@ -237 +237 @@
 __ZN3JSC8JSObject12lookupGetterEPNS_9ExecStateERKNS_10IdentifierE
 __ZN3JSC8JSObject12lookupSetterEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3JSC8JSObject12markChildrenERNS_9MarkStackE
 __ZN3JSC8JSObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
 __ZN3JSC8JSObject14deletePropertyEPNS_9ExecStateEj
@@ -252 +253 @@
 __ZN3JSC8JSObject3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
 __ZN3JSC8JSObject3putEPNS_9ExecStateEjNS_7JSValueE  
-__ZN3JSC8JSObject4markEv
 __ZN3JSC8Profiler13stopProfilingEPNS_9ExecStateERKNS_7UStringE
 __ZN3JSC8Profiler14startProfilingEPNS_9ExecStateERKNS_7UStringE
@@ -260 +260 @@
 __ZN3JSC9CodeBlockD1Ev
 __ZN3JSC9CodeBlockD2Ev
+__ZN3JSC9MarkStack10s_pageSizeE
+__ZN3JSC9MarkStack12releaseStackEPvm
+__ZN3JSC9MarkStack13allocateStackEm
 __ZN3JSC9Structure17stopIgnoringLeaksEv
 __ZN3JSC9Structure18startIgnoringLeaksEv
@@ -327 +330 @@
 __ZNK3JSC12StringObject8toStringEPNS_9ExecStateE
 __ZNK3JSC14JSGlobalObject14isDynamicScopeEv
+
 __ZNK3JSC16FunctionBodyNode14isHostFunctionEv
 __ZNK3JSC16InternalFunction9classInfoEv

trunk/JavaScriptCore/JavaScriptCore.gypi

@@ -266 +266 @@
             'runtime/Lookup.cpp',
             'runtime/Lookup.h',
+            'runtime/MarkStack.cpp',
+            'runtime/MarkStack.h',
+            'runtime/MarkStackWin.cpp',
             'runtime/MathObject.cpp',
             'runtime/MathObject.h',

trunk/JavaScriptCore/JavaScriptCore.pri

@@ -99 +99 @@
     runtime/JSONObject.cpp \
     runtime/LiteralParser.cpp \
+    runtime/MarkStack.cpp \
+    runtime/MarkStackPosix.cpp \
     runtime/TimeoutChecker.cpp \
     bytecode/CodeBlock.cpp \

trunk/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj

@@ -882 +882 @@
                         <File
                                 RelativePath="..\..\runtime\Lookup.h"
+                                >
+                        </File>
+                        <File
+                                RelativePath="..\..\runtime\MarkStack.h"
+                                >
+                        </File>
+                        <File
+                                RelativePath="..\..\runtime\MarkStack.cpp"
+                                >
+                        </File>
+                        <File
+                                RelativePath="..\..\runtime\MarkStackWin.cpp"
                                 >
                         </File>

trunk/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -197 +197 @@
                 A72701B90DADE94900E548D7 /* ExceptionHelpers.h in Headers */ = {isa = PBXBuildFile; fileRef = A72701B30DADE94900E548D7 /* ExceptionHelpers.h */; };
                 A727FF6B0DA3092200E548D7 /* JSPropertyNameIterator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A727FF660DA3053B00E548D7 /* JSPropertyNameIterator.cpp */; };
+                A74B3499102A5F8E0032AB98 /* MarkStack.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A74B3498102A5F8E0032AB98 /* MarkStack.cpp */; };
                 A766B44F0EE8DCD1009518CA /* ExecutableAllocator.h in Headers */ = {isa = PBXBuildFile; fileRef = A7B48DB50EE74CFC00DCBDB6 /* ExecutableAllocator.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 A76EE6590FAE59D5003F069A /* NativeFunctionWrapper.h in Headers */ = {isa = PBXBuildFile; fileRef = A76EE6580FAE59D5003F069A /* NativeFunctionWrapper.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                A7795590101A74D500114E55 /* MarkStack.h in Headers */ = {isa = PBXBuildFile; fileRef = A779558F101A74D500114E55 /* MarkStack.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 A782F1A50EEC9FA20036273F /* ExecutableAllocatorPosix.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A782F1A40EEC9FA20036273F /* ExecutableAllocatorPosix.cpp */; };
                 A791EF280F11E07900AE1F68 /* JSByteArray.h in Headers */ = {isa = PBXBuildFile; fileRef = A791EF260F11E07900AE1F68 /* JSByteArray.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -205 +207 @@
                 A7A1F7AD0F252B3C00E184E2 /* ByteArray.h in Headers */ = {isa = PBXBuildFile; fileRef = A7A1F7AB0F252B3C00E184E2 /* ByteArray.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 A7B48F490EE8936F00DCBDB6 /* ExecutableAllocator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7B48DB60EE74CFC00DCBDB6 /* ExecutableAllocator.cpp */; };
+                A7C530E4102A3813005BC741 /* MarkStackPosix.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7C530E3102A3813005BC741 /* MarkStackPosix.cpp */; };
                 A7E2EA6B0FB460CF00601F06 /* LiteralParser.h in Headers */ = {isa = PBXBuildFile; fileRef = A7E2EA690FB460CF00601F06 /* LiteralParser.h */; };
                 A7E2EA6C0FB460CF00601F06 /* LiteralParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7E2EA6A0FB460CF00601F06 /* LiteralParser.cpp */; };
@@ -739 +742 @@
                 A727FF650DA3053B00E548D7 /* JSPropertyNameIterator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSPropertyNameIterator.h; sourceTree = "<group>"; };
                 A727FF660DA3053B00E548D7 /* JSPropertyNameIterator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSPropertyNameIterator.cpp; sourceTree = "<group>"; };
+                A74B3498102A5F8E0032AB98 /* MarkStack.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MarkStack.cpp; sourceTree = "<group>"; };
                 A76EE6580FAE59D5003F069A /* NativeFunctionWrapper.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NativeFunctionWrapper.h; sourceTree = "<group>"; };
+                A779558F101A74D500114E55 /* MarkStack.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MarkStack.h; sourceTree = "<group>"; };
                 A782F1A40EEC9FA20036273F /* ExecutableAllocatorPosix.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ExecutableAllocatorPosix.cpp; sourceTree = "<group>"; };
                 A791EF260F11E07900AE1F68 /* JSByteArray.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSByteArray.h; sourceTree = "<group>"; };
@@ -747 +752 @@
                 A7B48DB50EE74CFC00DCBDB6 /* ExecutableAllocator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ExecutableAllocator.h; sourceTree = "<group>"; };
                 A7B48DB60EE74CFC00DCBDB6 /* ExecutableAllocator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ExecutableAllocator.cpp; sourceTree = "<group>"; };
+                A7C530E3102A3813005BC741 /* MarkStackPosix.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MarkStackPosix.cpp; sourceTree = "<group>"; };
                 A7E2EA690FB460CF00601F06 /* LiteralParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LiteralParser.h; sourceTree = "<group>"; };
                 A7E2EA6A0FB460CF00601F06 /* LiteralParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LiteralParser.cpp; sourceTree = "<group>"; };
@@ -1491 +1497 @@
                                 F692A8850255597D01FF60F7 /* UString.cpp */,
                                 F692A8860255597D01FF60F7 /* UString.h */,
+                                A779558F101A74D500114E55 /* MarkStack.h */,
+                                A7C530E3102A3813005BC741 /* MarkStackPosix.cpp */,
+                                A74B3498102A5F8E0032AB98 /* MarkStack.cpp */,
                         );
                         path = runtime;
@@ -1893 +1902 @@
                                 1429DABF0ED263E700B89619 /* WRECParser.h in Headers */,
                                 9688CB160ED12B4E001D649F /* X86Assembler.h in Headers */,
+                                A7795590101A74D500114E55 /* MarkStack.h in Headers */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;
@@ -2259 +2269 @@
                                 1429DAE10ED2645B00B89619 /* WRECGenerator.cpp in Sources */,
                                 1429DAC00ED263E700B89619 /* WRECParser.cpp in Sources */,
+                                A7C530E4102A3813005BC741 /* MarkStackPosix.cpp in Sources */,
+                                A74B3499102A5F8E0032AB98 /* MarkStack.cpp in Sources */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;

trunk/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -1429 +1429 @@
 }
 
-void CodeBlock::mark()
-{
-    for (size_t i = 0; i < m_constantRegisters.size(); ++i)
+void CodeBlock::markAggregate(MarkStack& markStack)
+{
+    for (size_t i = 0; i < m_constantRegisters.size(); ++i) {
         if (!m_constantRegisters[i].marked())
-            m_constantRegisters[i].mark();
+            markStack.append(m_constantRegisters[i].jsValue());
+    }
 
     for (size_t i = 0; i < m_functionExpressions.size(); ++i)
-        m_functionExpressions[i]->body()->mark();
+        m_functionExpressions[i]->body()->markAggregate(markStack);
 
     if (m_rareData) {
         for (size_t i = 0; i < m_rareData->m_functions.size(); ++i)
-            m_rareData->m_functions[i]->body()->mark();
-
-        m_rareData->m_evalCodeCache.mark();
+            m_rareData->m_functions[i]->body()->markAggregate(markStack);
+
+        m_rareData->m_evalCodeCache.markAggregate(markStack);
     }
 }

trunk/JavaScriptCore/bytecode/CodeBlock.h

@@ -256 +256 @@
         ~CodeBlock();
 
-        void mark();
+        void markAggregate(MarkStack&);
         void refStructures(Instruction* vPC) const;
         void derefStructures(Instruction* vPC) const;

trunk/JavaScriptCore/bytecode/EvalCodeCache.h

@@ -69 +69 @@
         bool isEmpty() const { return m_cacheMap.isEmpty(); }
 
-        void mark()
+        void markAggregate(MarkStack& markStack)
         {
             EvalCacheMap::iterator end = m_cacheMap.end();
             for (EvalCacheMap::iterator ptr = m_cacheMap.begin(); ptr != end; ++ptr)
-                ptr->second->mark();
+                ptr->second->markAggregate(markStack);
         }
     private:

trunk/JavaScriptCore/debugger/DebuggerActivation.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -39 +39 @@
 }
 
-void DebuggerActivation::mark()
+void DebuggerActivation::markChildren(MarkStack& markStack)
 {
-    JSObject::mark();
-    if (m_activation && !m_activation->marked())
-        m_activation->mark();
+    JSObject::markChildren(markStack);
+
+    if (m_activation)
+        markStack.append(m_activation);
 }
 

trunk/JavaScriptCore/debugger/DebuggerActivation.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -37 +37 @@
         DebuggerActivation(JSObject*);
 
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
         virtual UString className() const;
         virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);

trunk/JavaScriptCore/interpreter/Register.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -57 +57 @@
 
         bool marked() const;
-        void mark();
+        void markChildren(MarkStack&);
         
         Register(JSActivation*);
@@ -121 +121 @@
     }
 
-    ALWAYS_INLINE void Register::mark()
-    {
-        jsValue().mark();
-    }
-    
     // Interpreter functions
 

trunk/JavaScriptCore/interpreter/RegisterFile.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -137 +137 @@
         Register* lastGlobal() const { return m_start - m_numGlobals; }
         
-        void markGlobals(Heap* heap) { heap->markConservatively(lastGlobal(), m_start); }
-        void markCallFrames(Heap* heap) { heap->markConservatively(m_start, m_end); }
+        void markGlobals(MarkStack& markStack, Heap* heap) { heap->markConservatively(markStack, lastGlobal(), m_start); }
+        void markCallFrames(MarkStack& markStack, Heap* heap) { heap->markConservatively(markStack, m_start, m_end); }
 
     private:

trunk/JavaScriptCore/parser/Nodes.cpp

@@ -1819 +1819 @@
 }
 
-void ScopeNodeData::mark()
+void ScopeNodeData::markAggregate(MarkStack& markStack)
 {
     FunctionStack::iterator end = m_functionStack.end();
@@ -1826 +1826 @@
         if (!body->isGenerated())
             continue;
-        body->generatedBytecode().mark();
+        body->generatedBytecode().markAggregate(markStack);
     }
 }
@@ -1973 +1973 @@
 }
 
-void EvalNode::mark()
+void EvalNode::markAggregate(MarkStack& markStack)
 {
     // We don't need to mark our own CodeBlock as the JSGlobalObject takes care of that
-    data()->mark();
+    data()->markAggregate(markStack);
 }
 
@@ -2031 +2031 @@
 }
 
-void FunctionBodyNode::mark()
+void FunctionBodyNode::markAggregate(MarkStack& markStack)
 {
     if (m_code)
-        m_code->mark();
+        m_code->markAggregate(markStack);
 }
 

trunk/JavaScriptCore/parser/Nodes.h

@@ -1391 +1391 @@
         StatementVector m_children;
 
-        void mark();
+        void markAggregate(MarkStack&);
     };
 
@@ -1437 +1437 @@
         }
 
-        virtual void mark() { }
+        virtual void markAggregate(MarkStack&) { }
 
 #if ENABLE(JIT)
@@ -1516 +1516 @@
         EvalCodeBlock& bytecodeForExceptionInfoReparse(ScopeChainNode*, CodeBlock*);
 
-        virtual void mark();
+        virtual void markAggregate(MarkStack&);
 
 #if ENABLE(JIT)
@@ -1564 +1564 @@
         bool isHostFunction() const;
 
-        virtual void mark();
+        virtual void markAggregate(MarkStack&);
 
         void finishParsing(const SourceCode&, ParameterNode*);

trunk/JavaScriptCore/runtime/ArgList.cpp

@@ -1 +1 @@
 /*
- *  Copyright (C) 2003, 2004, 2005, 2006, 2007 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -38 +38 @@
 }
 
-void MarkedArgumentBuffer::markLists(ListSet& markSet)
+void MarkedArgumentBuffer::markLists(MarkStack& markStack, ListSet& markSet)
 {
     ListSet::iterator end = markSet.end();
     for (ListSet::iterator it = markSet.begin(); it != end; ++it) {
         MarkedArgumentBuffer* list = *it;
-
-        iterator end2 = list->end();
-        for (iterator it2 = list->begin(); it2 != end2; ++it2)
-            if (!(*it2).marked())
-                (*it2).mark();
+        markStack.appendValues(reinterpret_cast<JSValue*>(list->m_buffer), list->m_size);
     }
 }

trunk/JavaScriptCore/runtime/ArgList.h

@@ -136 +136 @@
         const_iterator end() const { return m_buffer + m_size; }
 
-        static void markLists(ListSet&);
+        static void markLists(MarkStack&, ListSet&);
 
     private:

trunk/JavaScriptCore/runtime/Arguments.cpp

@@ -2 +2 @@
  *  Copyright (C) 1999-2002 Harri Porten ([email protected])
  *  Copyright (C) 2001 Peter Kelly ([email protected])
- *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *  Copyright (C) 2007 Cameron Zwarich ([email protected])
  *  Copyright (C) 2007 Maks Orlovich
@@ -44 +44 @@
 }
 
-void Arguments::mark()
-{
-    JSObject::mark();
-
-    if (d->registerArray) {
-        for (unsigned i = 0; i < d->numParameters; ++i) {
-            if (!d->registerArray[i].marked())
-                d->registerArray[i].mark();
-        }
-    }
+void Arguments::markChildren(MarkStack& markStack)
+{
+    JSObject::markChildren(markStack);
+
+    if (d->registerArray)
+        markStack.appendValues(reinterpret_cast<JSValue*>(d->registerArray.get()), d->numParameters);
 
     if (d->extraArguments) {
         unsigned numExtraArguments = d->numArguments - d->numParameters;
-        for (unsigned i = 0; i < numExtraArguments; ++i) {
-            if (!d->extraArguments[i].marked())
-                d->extraArguments[i].mark();
-        }
-    }
-
-    if (!d->callee->marked())
-        d->callee->mark();
-
-    if (d->activation && !d->activation->marked())
-        d->activation->mark();
+        markStack.appendValues(reinterpret_cast<JSValue*>(d->extraArguments), numExtraArguments);
+    }
+
+    markStack.append(d->callee);
+
+    if (d->activation)
+        markStack.append(d->activation);
 }
 

trunk/JavaScriptCore/runtime/Arguments.h

@@ -1 +1 @@
 /*
  *  Copyright (C) 1999-2000 Harri Porten ([email protected])
- *  Copyright (C) 2003, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *  Copyright (C) 2007 Cameron Zwarich ([email protected])
  *  Copyright (C) 2007 Maks Orlovich
@@ -62 +62 @@
         static const ClassInfo info;
 
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
 
         void fillArgList(ExecState*, MarkedArgumentBuffer&);

trunk/JavaScriptCore/runtime/Collector.cpp

@@ -1 +1 @@
 /*
- *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *  Copyright (C) 2007 Eric Seidel <[email protected]>
  *
@@ -31 +31 @@
 #include "JSString.h"
 #include "JSValue.h"
+#include "MarkStack.h"
 #include "Nodes.h"
 #include "Tracing.h"
@@ -643 +644 @@
 #define IS_HALF_CELL_ALIGNED(p) (((intptr_t)(p) & (CELL_MASK >> 1)) == 0)
 
-void Heap::markConservatively(void* start, void* end)
+void Heap::markConservatively(MarkStack& markStack, void* start, void* end)
 {
     if (start > end) {
@@ -684 +685 @@
                 if ((primaryBlocks[block] == blockAddr) & (offset <= lastCellOffset)) {
                     if (reinterpret_cast<CollectorCell*>(xAsBits)->u.freeCell.zeroIfFree != 0) {
-                        JSCell* imp = reinterpret_cast<JSCell*>(xAsBits);
-                        if (!imp->marked())
-                            imp->mark();
+                        markStack.append(reinterpret_cast<JSCell*>(xAsBits));
+                        markStack.drain();
                     }
                     break;
@@ -697 +697 @@
 }
 
-void NEVER_INLINE Heap::markCurrentThreadConservativelyInternal()
+void NEVER_INLINE Heap::markCurrentThreadConservativelyInternal(MarkStack& markStack)
 {
     void* dummy;
     void* stackPointer = &dummy;
     void* stackBase = currentThreadStackBase();
-    markConservatively(stackPointer, stackBase);
-}
-
-void Heap::markCurrentThreadConservatively()
+    markConservatively(markStack, stackPointer, stackBase);
+}
+
+void Heap::markCurrentThreadConservatively(MarkStack& markStack)
 {
     // setjmp forces volatile registers onto the stack
@@ -718 +718 @@
 #endif
 
-    markCurrentThreadConservativelyInternal();
+    markCurrentThreadConservativelyInternal(markStack);
 }
 
@@ -850 +850 @@
 }
 
-void Heap::markOtherThreadConservatively(Thread* thread)
+void Heap::markOtherThreadConservatively(MarkStack& markStack, Thread* thread)
 {
     suspendThread(thread->platformThread);
@@ -858 +858 @@
 
     // mark the thread's registers
-    markConservatively(static_cast<void*>(&regs), static_cast<void*>(reinterpret_cast<char*>(&regs) + regSize));
+    markConservatively(markStack, static_cast<void*>(&regs), static_cast<void*>(reinterpret_cast<char*>(&regs) + regSize));
 
     void* stackPointer = otherThreadStackPointer(regs);
-    markConservatively(stackPointer, thread->stackBase);
+    markConservatively(markStack, stackPointer, thread->stackBase);
 
     resumeThread(thread->platformThread);
@@ -868 +868 @@
 #endif
 
-void Heap::markStackObjectsConservatively()
-{
-    markCurrentThreadConservatively();
+void Heap::markStackObjectsConservatively(MarkStack& markStack)
+{
+    markCurrentThreadConservatively(markStack);
 
 #if ENABLE(JSC_MULTIPLE_THREADS)
@@ -880 +880 @@
 #ifndef NDEBUG
         // Forbid malloc during the mark phase. Marking a thread suspends it, so 
-        // a malloc inside mark() would risk a deadlock with a thread that had been 
+        // a malloc inside markChildren() would risk a deadlock with a thread that had been 
         // suspended while holding the malloc lock.
         fastMallocForbid();
@@ -888 +888 @@
         for (Thread* thread = m_registeredThreads; thread; thread = thread->next) {
             if (!pthread_equal(thread->posixThread, pthread_self()))
-                markOtherThreadConservatively(thread);
+                markOtherThreadConservatively(markStack, thread);
         }
 #ifndef NDEBUG
@@ -948 +948 @@
 }
 
-void Heap::markProtectedObjects()
+void Heap::markProtectedObjects(MarkStack& markStack)
 {
     if (m_protectedValuesMutex)
@@ -956 +956 @@
     for (ProtectCountSet::iterator it = m_protectedValues.begin(); it != end; ++it) {
         JSCell* val = it->first;
-        if (!val->marked())
-            val->mark();
+        if (!val->marked()) {
+            markStack.append(val);
+            markStack.drain();
+        }
     }
 
@@ -1062 +1064 @@
     return numLiveObjects;
 }
-    
+
 bool Heap::collect()
 {
@@ -1081 +1083 @@
 
     // MARK: first mark all referenced objects recursively starting out from the set of root objects
-
-    markStackObjectsConservatively();
-    markProtectedObjects();
+    MarkStack& markStack = m_globalData->markStack;
+    markStackObjectsConservatively(markStack);
+    markProtectedObjects(markStack);
     if (m_markListSet && m_markListSet->size())
-        MarkedArgumentBuffer::markLists(*m_markListSet);
+        MarkedArgumentBuffer::markLists(markStack, *m_markListSet);
     if (m_globalData->exception && !m_globalData->exception.marked())
-        m_globalData->exception.mark();
-    m_globalData->interpreter->registerFile().markCallFrames(this);
+        markStack.append(m_globalData->exception);
+    m_globalData->interpreter->registerFile().markCallFrames(markStack, this);
     m_globalData->smallStrings.mark();
     if (m_globalData->scopeNodeBeingReparsed)
-        m_globalData->scopeNodeBeingReparsed->mark();
+        m_globalData->scopeNodeBeingReparsed->markAggregate(markStack);
     if (m_globalData->firstStringifierToMark)
-        JSONObject::markStringifiers(m_globalData->firstStringifierToMark);
-
+        JSONObject::markStringifiers(markStack, m_globalData->firstStringifierToMark);
+
+    markStack.drain();
+    markStack.compact();
     JAVASCRIPTCORE_GC_MARKED();
 

trunk/JavaScriptCore/runtime/Collector.h

@@ -40 +40 @@
 namespace JSC {
 
-    class MarkedArgumentBuffer;
     class CollectorBlock;
     class JSCell;
     class JSGlobalData;
     class JSValue;
+    class MarkedArgumentBuffer;
+    class MarkStack;
 
     enum OperationInProgress { NoOperation, Allocation, Collection };
@@ -112 +113 @@
         static void markCell(JSCell*);
 
-        void markConservatively(void* start, void* end);
+        void markConservatively(MarkStack&, void* start, void* end);
 
         HashSet<MarkedArgumentBuffer*>& markListSet() { if (!m_markListSet) m_markListSet = new HashSet<MarkedArgumentBuffer*>; return *m_markListSet; }
@@ -134 +135 @@
 
         void recordExtraCost(size_t);
-        void markProtectedObjects();
-        void markCurrentThreadConservatively();
-        void markCurrentThreadConservativelyInternal();
-        void markOtherThreadConservatively(Thread*);
-        void markStackObjectsConservatively();
+        void markProtectedObjects(MarkStack&);
+        void markCurrentThreadConservatively(MarkStack&);
+        void markCurrentThreadConservativelyInternal(MarkStack&);
+        void markOtherThreadConservatively(MarkStack&, Thread*);
+        void markStackObjectsConservatively(MarkStack&);
 
         typedef HashCountedSet<JSCell*> ProtectCountSet;

trunk/JavaScriptCore/runtime/GetterSetter.cpp

@@ -2 +2 @@
  *  Copyright (C) 1999-2002 Harri Porten ([email protected])
  *  Copyright (C) 2001 Peter Kelly ([email protected])
- *  Copyright (C) 2004, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2004, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -29 +29 @@
 namespace JSC {
 
-void GetterSetter::mark()
+void GetterSetter::markChildren(MarkStack& markStack)
 {
-    JSCell::mark();
+    JSCell::markChildren(markStack);
 
     if (m_getter && !m_getter->marked())
-        m_getter->mark();
+        markStack.append(m_getter);
     if (m_setter && !m_setter->marked())
-        m_setter->mark();
+        markStack.append(m_setter);
 }
 

trunk/JavaScriptCore/runtime/GetterSetter.h

@@ -2 +2 @@
  *  Copyright (C) 1999-2001 Harri Porten ([email protected])
  *  Copyright (C) 2001 Peter Kelly ([email protected])
- *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -34 +34 @@
     class GetterSetter : public JSCell {
     public:
-        GetterSetter()
-            : JSCell(0)
+        GetterSetter(ExecState* exec)
+            : JSCell(exec->globalData().getterSetterStructure.get())
             , m_getter(0)
             , m_setter(0)
@@ -41 +41 @@
         }
 
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
 
         JSObject* getter() const { return m_getter; }
@@ -47 +47 @@
         JSObject* setter() const { return m_setter; }
         void setSetter(JSObject* setter) { m_setter = setter; }
-
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(GetterSetterType));
+        }
     private:
         virtual bool isGetterSetter() const;

trunk/JavaScriptCore/runtime/GlobalEvalFunction.cpp

@@ -2 +2 @@
  *  Copyright (C) 1999-2002 Harri Porten ([email protected])
  *  Copyright (C) 2001 Peter Kelly ([email protected])
- *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *  Copyright (C) 2007 Cameron Zwarich ([email protected])
  *  Copyright (C) 2007 Maks Orlovich
@@ -40 +40 @@
 }
 
-void GlobalEvalFunction::mark()
+void GlobalEvalFunction::markChildren(MarkStack& markStack)
 {
-    PrototypeFunction::mark();
-    if (!m_cachedGlobalObject->marked())
-        m_cachedGlobalObject->mark();
+    PrototypeFunction::markChildren(markStack);
+    markStack.append(m_cachedGlobalObject);
 }
 

trunk/JavaScriptCore/runtime/GlobalEvalFunction.h

@@ -1 +1 @@
 /*
  *  Copyright (C) 1999-2000 Harri Porten ([email protected])
- *  Copyright (C) 2003, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *  Copyright (C) 2007 Cameron Zwarich ([email protected])
  *  Copyright (C) 2007 Maks Orlovich
@@ -37 +37 @@
 
     private:
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
 
         JSGlobalObject* m_cachedGlobalObject;

trunk/JavaScriptCore/runtime/JSAPIValueWrapper.h

@@ -27 +27 @@
 
 #include "JSCell.h"
+#include "CallFrame.h"
 
 namespace JSC {
@@ -43 +44 @@
         virtual UString toString(ExecState*) const;
         virtual JSObject* toObject(ExecState*) const;
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(CompoundType));
+        }
 
+        
     private:
-        JSAPIValueWrapper(JSValue value)
-            : JSCell(0)
+        JSAPIValueWrapper(ExecState* exec, JSValue value)
+            : JSCell(exec->globalData().apiWrapperStructure.get())
             , m_value(value)
         {
@@ -56 +62 @@
     inline JSValue jsAPIValueWrapper(ExecState* exec, JSValue value)
     {
-        return new (exec) JSAPIValueWrapper(value);
+        return new (exec) JSAPIValueWrapper(exec, value);
     }
 

trunk/JavaScriptCore/runtime/JSActivation.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -50 +50 @@
 }
 
-void JSActivation::mark()
+void JSActivation::markChildren(MarkStack& markStack)
 {
-    Base::mark();
+    Base::markChildren(markStack);
 
     Register* registerArray = d()->registerArray.get();
@@ -60 +60 @@
     size_t numParametersMinusThis = d()->functionBody->generatedBytecode().m_numParameters - 1;
 
-    size_t i = 0;
-    size_t count = numParametersMinusThis; 
-    for ( ; i < count; ++i) {
-        Register& r = registerArray[i];
-        if (!r.marked())
-            r.mark();
-    }
+    size_t count = numParametersMinusThis;
+    markStack.appendValues(registerArray, count);
 
     size_t numVars = d()->functionBody->generatedBytecode().m_numVars;
 
     // Skip the call frame, which sits between the parameters and vars.
-    i += RegisterFile::CallFrameHeaderSize;
-    count += RegisterFile::CallFrameHeaderSize + numVars;
-
-    for ( ; i < count; ++i) {
-        Register& r = registerArray[i];
-        if (r.jsValue() && !r.marked())
-            r.mark();
-    }
+    markStack.appendValues(registerArray + count + RegisterFile::CallFrameHeaderSize, numVars, MayContainNullValues);
 }
 

trunk/JavaScriptCore/runtime/JSActivation.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -47 +47 @@
         virtual ~JSActivation();
 
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
 
         virtual bool isDynamicScope() const;

trunk/JavaScriptCore/runtime/JSArray.cpp

@@ -1 +1 @@
 /*
  *  Copyright (C) 1999-2000 Harri Porten ([email protected])
- *  Copyright (C) 2003, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *  Copyright (C) 2003 Peter Kelly ([email protected])
  *  Copyright (C) 2006 Alexey Proskuryakov ([email protected])
@@ -602 +602 @@
 }
 
-void JSArray::mark()
-{
-    JSObject::mark();
+void JSArray::markChildren(MarkStack& markStack)
+{
+    JSObject::markChildren(markStack);
 
     ArrayStorage* storage = m_storage;
 
     unsigned usedVectorLength = min(storage->m_length, storage->m_vectorLength);
-    for (unsigned i = 0; i < usedVectorLength; ++i) {
-        JSValue value = storage->m_vector[i];
-        if (value && !value.marked())
-            value.mark();
-    }
+    markStack.appendValues(storage->m_vector, usedVectorLength, MayContainNullValues);
 
     if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
         SparseArrayValueMap::iterator end = map->end();
-        for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it) {
-            JSValue value = it->second;
-            if (!value.marked())
-                value.mark();
-        }
+        for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it)
+            markStack.append(it->second);
     }
 }

trunk/JavaScriptCore/runtime/JSArray.h

@@ -1 +1 @@
 /*
  *  Copyright (C) 1999-2000 Harri Porten ([email protected])
- *  Copyright (C) 2003, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -89 +89 @@
         virtual bool deleteProperty(ExecState*, unsigned propertyName);
         virtual void getPropertyNames(ExecState*, PropertyNameArray&);
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
 
         void* lazyCreationData();

trunk/JavaScriptCore/runtime/JSCell.h

@@ -2 +2 @@
  *  Copyright (C) 1999-2001 Harri Porten ([email protected])
  *  Copyright (C) 2001 Peter Kelly ([email protected])
- *  Copyright (C) 2003, 2004, 2005, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -86 +86 @@
         void* operator new(size_t, JSGlobalData*);
         void* operator new(size_t, void* placementNewDestination) { return placementNewDestination; }
-        virtual void mark();
+
+        void markCellDirect();
+        virtual void markChildren(MarkStack&);
         bool marked() const;
 
@@ -154 +156 @@
     }
 
-    inline void JSCell::mark()
-    {
-        return Heap::markCell(this);
+    inline void JSCell::markCellDirect()
+    {
+        Heap::markCell(this);
+    }
+
+    inline void JSCell::markChildren(MarkStack&)
+    {
+        ASSERT(marked());
     }
 
@@ -225 +232 @@
     }
 
-    inline void JSValue::mark()
-    {
-        asCell()->mark(); // callers should check !marked() before calling mark(), so this should only be called with cells
+    inline void JSValue::markDirect()
+    {
+        ASSERT(!marked());
+        asCell()->markCellDirect();
+    }
+
+    inline void JSValue::markChildren(MarkStack& markStack)
+    {
+        ASSERT(marked());
+        asCell()->markChildren(markStack);
     }
 
@@ -340 +354 @@
         return JSValue();
     }
+    
+    inline bool JSValue::hasChildren() const
+    {
+        return asCell()->structure()->typeInfo().type() >= CompoundType;
+    }
+    
 
     inline JSObject* JSValue::toObject(ExecState* exec) const
@@ -351 +371 @@
     }
 
+    ALWAYS_INLINE void MarkStack::append(JSCell* cell)
+    {
+        ASSERT(cell);
+        if (cell->marked())
+            return;
+        cell->markCellDirect();
+        if (cell->structure()->typeInfo().type() >= CompoundType)
+            m_values.append(cell);
+    }
+
+    inline void MarkStack::drain() {
+        while (!m_markSets.isEmpty() || !m_values.isEmpty()) {
+            while ((!m_markSets.isEmpty()) && m_values.size() < 50) {
+                const MarkSet& current = m_markSets.removeLast();
+                JSValue* ptr = current.m_values;
+                JSValue* end = current.m_end;
+                if (current.m_properties == NoNullValues) {
+                    while (ptr != end)
+                        append(*ptr++);
+                } else {
+                    while (ptr != end) {
+                        if (JSValue value = *ptr++)
+                            append(value);
+                    }
+                }
+            }
+            while (!m_values.isEmpty()) {
+                JSCell* current = m_values.removeLast();
+                ASSERT(current->marked());
+                current->markChildren(*this);
+            }
+        }
+    }
 } // namespace JSC
 

trunk/JavaScriptCore/runtime/JSFunction.cpp

@@ -2 +2 @@
  *  Copyright (C) 1999-2002 Harri Porten ([email protected])
  *  Copyright (C) 2001 Peter Kelly ([email protected])
- *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *  Copyright (C) 2007 Cameron Zwarich ([email protected])
  *  Copyright (C) 2007 Maks Orlovich
@@ -84 +84 @@
 }
 
-void JSFunction::mark()
-{
-    Base::mark();
-    m_body->mark();
+void JSFunction::markChildren(MarkStack& markStack)
+{
+    Base::markChildren(markStack);
+    m_body->markAggregate(markStack);
     if (!isHostFunction())
-        scopeChain().mark();
+        scopeChain().markAggregate(markStack);
 }
 

trunk/JavaScriptCore/runtime/JSFunction.h

@@ -69 +69 @@
         FunctionBodyNode* body() const { return m_body.get(); }
 
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
 
         static JS_EXPORTDATA const ClassInfo info;

trunk/JavaScriptCore/runtime/JSGlobalData.cpp

@@ -34 +34 @@
 #include "CommonIdentifiers.h"
 #include "FunctionConstructor.h"
+#include "GetterSetter.h"
 #include "Interpreter.h"
 #include "JSActivation.h"
+#include "JSAPIValueWrapper.h"
 #include "JSArray.h"
 #include "JSByteArray.h"
@@ -42 +44 @@
 #include "JSLock.h"
 #include "JSNotAnObject.h"
+#include "JSPropertyNameIterator.h"
 #include "JSStaticScopeObject.h"
 #include "Parser.h"
@@ -119 +122 @@
     , notAnObjectErrorStubStructure(JSNotAnObjectErrorStub::createStructure(jsNull()))
     , notAnObjectStructure(JSNotAnObject::createStructure(jsNull()))
+    , propertyNameIteratorStructure(JSPropertyNameIterator::createStructure(jsNull()))
+    , getterSetterStructure(GetterSetter::createStructure(jsNull()))
+    , apiWrapperStructure(JSAPIValueWrapper::createStructure(jsNull()))
 #if USE(JSVALUE32)
     , numberStructure(JSNumberCell::createStructure(jsNull()))

trunk/JavaScriptCore/runtime/JSGlobalData.h

@@ -34 +34 @@
 #include "JITStubs.h"
 #include "JSValue.h"
+#include "MarkStack.h"
 #include "SmallStrings.h"
 #include "TimeoutChecker.h"
@@ -98 +99 @@
         RefPtr<Structure> notAnObjectErrorStubStructure;
         RefPtr<Structure> notAnObjectStructure;
+        RefPtr<Structure> propertyNameIteratorStructure;
+        RefPtr<Structure> getterSetterStructure;
+        RefPtr<Structure> apiWrapperStructure;
+
 #if USE(JSVALUE32)
         RefPtr<Structure> numberStructure;
@@ -144 +149 @@
         Stringifier* firstStringifierToMark;
 
+        MarkStack markStack;
     private:
         JSGlobalData(bool isShared, const VPtrSet&);

trunk/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -81 +81 @@
 static const int preferredScriptCheckTimeInterval = 1000;
 
-static inline void markIfNeeded(JSValue v)
-{
-    if (v && !v.marked())
-        v.mark();
-}
-
-static inline void markIfNeeded(const RefPtr<Structure>& s)
+static inline void markIfNeeded(MarkStack& markStack, JSValue v)
+{
+    if (v)
+        markStack.append(v);
+}
+
+static inline void markIfNeeded(MarkStack& markStack, const RefPtr<Structure>& s)
 {
     if (s)
-        s->mark();
+        s->markAggregate(markStack);
 }
 
@@ -358 +358 @@
 }
 
-void JSGlobalObject::mark()
-{
-    JSVariableObject::mark();
+void JSGlobalObject::markChildren(MarkStack& markStack)
+{
+    JSVariableObject::markChildren(markStack);
     
     HashSet<ProgramCodeBlock*>::const_iterator end = codeBlocks().end();
     for (HashSet<ProgramCodeBlock*>::const_iterator it = codeBlocks().begin(); it != end; ++it)
-        (*it)->mark();
+        (*it)->markAggregate(markStack);
 
     RegisterFile& registerFile = globalData()->interpreter->registerFile();
     if (registerFile.globalObject() == this)
-        registerFile.markGlobals(&globalData()->heap);
-
-    markIfNeeded(d()->regExpConstructor);
-    markIfNeeded(d()->errorConstructor);
-    markIfNeeded(d()->evalErrorConstructor);
-    markIfNeeded(d()->rangeErrorConstructor);
-    markIfNeeded(d()->referenceErrorConstructor);
-    markIfNeeded(d()->syntaxErrorConstructor);
-    markIfNeeded(d()->typeErrorConstructor);
-    markIfNeeded(d()->URIErrorConstructor);
-
-    markIfNeeded(d()->evalFunction);
-    markIfNeeded(d()->callFunction);
-    markIfNeeded(d()->applyFunction);
-
-    markIfNeeded(d()->objectPrototype);
-    markIfNeeded(d()->functionPrototype);
-    markIfNeeded(d()->arrayPrototype);
-    markIfNeeded(d()->booleanPrototype);
-    markIfNeeded(d()->stringPrototype);
-    markIfNeeded(d()->numberPrototype);
-    markIfNeeded(d()->datePrototype);
-    markIfNeeded(d()->regExpPrototype);
-
-    markIfNeeded(d()->methodCallDummy);
-
-    markIfNeeded(d()->errorStructure);
+        registerFile.markGlobals(markStack, &globalData()->heap);
+
+    markIfNeeded(markStack, d()->regExpConstructor);
+    markIfNeeded(markStack, d()->errorConstructor);
+    markIfNeeded(markStack, d()->evalErrorConstructor);
+    markIfNeeded(markStack, d()->rangeErrorConstructor);
+    markIfNeeded(markStack, d()->referenceErrorConstructor);
+    markIfNeeded(markStack, d()->syntaxErrorConstructor);
+    markIfNeeded(markStack, d()->typeErrorConstructor);
+    markIfNeeded(markStack, d()->URIErrorConstructor);
+
+    markIfNeeded(markStack, d()->evalFunction);
+    markIfNeeded(markStack, d()->callFunction);
+    markIfNeeded(markStack, d()->applyFunction);
+
+    markIfNeeded(markStack, d()->objectPrototype);
+    markIfNeeded(markStack, d()->functionPrototype);
+    markIfNeeded(markStack, d()->arrayPrototype);
+    markIfNeeded(markStack, d()->booleanPrototype);
+    markIfNeeded(markStack, d()->stringPrototype);
+    markIfNeeded(markStack, d()->numberPrototype);
+    markIfNeeded(markStack, d()->datePrototype);
+    markIfNeeded(markStack, d()->regExpPrototype);
+
+    markIfNeeded(markStack, d()->methodCallDummy);
+
+    markIfNeeded(markStack, d()->errorStructure);
 
     // No need to mark the other structures, because their prototypes are all
@@ -404 +404 @@
 
     size_t size = d()->registerArraySize;
-    for (size_t i = 0; i < size; ++i) {
-        Register& r = registerArray[i];
-        if (!r.marked())
-            r.mark();
-    }
+    markStack.appendValues(reinterpret_cast<JSValue*>(registerArray), size);
 }
 

trunk/JavaScriptCore/runtime/JSGlobalObject.h

@@ -1 +1 @@
 /*
  *  Copyright (C) 2007 Eric Seidel <[email protected]>
- *  Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007, 2008, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -167 +167 @@
         virtual ~JSGlobalObject();
 
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
 
         virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);

trunk/JavaScriptCore/runtime/JSNotAnObject.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -75 +75 @@
 
 // Marking
-void JSNotAnObject::mark()
+void JSNotAnObject::markChildren(MarkStack& markStack)
 {
-    JSCell::mark();
-    if (!m_exception->marked())
-        m_exception->mark();
+    JSObject::markChildren(markStack);
+    markStack.append(m_exception);
 }
 

trunk/JavaScriptCore/runtime/JSNotAnObject.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -76 +76 @@
 
         // Marking
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
 
         // JSObject methods

trunk/JavaScriptCore/runtime/JSONObject.cpp

@@ -68 +68 @@
     JSValue stringify(JSValue);
 
-    void mark();
+    void markAggregate(MarkStack&);
 
 private:
@@ -222 +222 @@
 }
 
-void Stringifier::mark()
+void Stringifier::markAggregate(MarkStack& markStack)
 {
     for (Stringifier* stringifier = this; stringifier; stringifier = stringifier->m_nextStringifierToMark) {
         size_t size = m_holderStack.size();
-        for (size_t i = 0; i < size; ++i) {
-            JSObject* object = m_holderStack[i].object();
-            if (!object->marked())
-                object->mark();
-        }
+        for (size_t i = 0; i < size; ++i)
+            markStack.append(m_holderStack[i].object());
     }
 }
@@ -585 +582 @@
 }
 
-void JSONObject::markStringifiers(Stringifier* stringifier)
-{
-    stringifier->mark();
+void JSONObject::markStringifiers(MarkStack& markStack, Stringifier* stringifier)
+{
+    stringifier->markAggregate(markStack);
 }
 

trunk/JavaScriptCore/runtime/JSONObject.h

@@ -45 +45 @@
         }
 
-        static void markStringifiers(Stringifier*);
+        static void markStringifiers(MarkStack&, Stringifier*);
 
     private:

trunk/JavaScriptCore/runtime/JSObject.cpp

@@ -2 +2 @@
  *  Copyright (C) 1999-2001 Harri Porten ([email protected])
  *  Copyright (C) 2001 Peter Kelly ([email protected])
- *  Copyright (C) 2003, 2004, 2005, 2006, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2008, 2009 Apple Inc. All rights reserved.
  *  Copyright (C) 2007 Eric Seidel ([email protected])
  *
@@ -63 +63 @@
 ASSERT_CLASS_FITS_IN_CELL(JSObject);
 
-void JSObject::mark()
+void JSObject::markChildren(MarkStack& markStack)
 {
     JSOBJECT_MARK_BEGIN();
 
-    JSCell::mark();
-    m_structure->mark();
+    JSCell::markChildren(markStack);
+    m_structure->markAggregate(markStack);
 
     PropertyStorage storage = propertyStorage();
-
     size_t storageSize = m_structure->propertyStorageSize();
-    for (size_t i = 0; i < storageSize; ++i) {
-        JSValue v = JSValue::decode(storage[i]);
-        if (!v.marked())
-            v.mark();
-    }
+    markStack.appendValues(reinterpret_cast<JSValue*>(storage), storageSize);
 
     JSOBJECT_MARK_END();
@@ -311 +306 @@
 
     PutPropertySlot slot;
-    GetterSetter* getterSetter = new (exec) GetterSetter;
+    GetterSetter* getterSetter = new (exec) GetterSetter(exec);
     putDirectInternal(exec->globalData(), propertyName, getterSetter, Getter, true, slot);
 
@@ -338 +333 @@
 
     PutPropertySlot slot;
-    GetterSetter* getterSetter = new (exec) GetterSetter;
+    GetterSetter* getterSetter = new (exec) GetterSetter(exec);
     putDirectInternal(exec->globalData(), propertyName, getterSetter, Setter, true, slot);
 

trunk/JavaScriptCore/runtime/JSObject.h

@@ -2 +2 @@
  *  Copyright (C) 1999-2001 Harri Porten ([email protected])
  *  Copyright (C) 2001 Peter Kelly ([email protected])
- *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -74 +74 @@
         explicit JSObject(PassRefPtr<Structure>);
 
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
 
         // The inline virtual destructor cannot be the first virtual function declared

trunk/JavaScriptCore/runtime/JSPropertyNameIterator.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -74 +74 @@
 }
 
-void JSPropertyNameIterator::mark()
+void JSPropertyNameIterator::markChildren(MarkStack& markStack)
 {
-    JSCell::mark();
-    if (m_object && !m_object->marked())
-        m_object->mark();
+    JSCell::markChildren(markStack);
+    if (m_object)
+        markStack.append(m_object);
 }
 

trunk/JavaScriptCore/runtime/JSPropertyNameIterator.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -52 +52 @@
         virtual JSObject* toObject(ExecState*) const;
 
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
 
         JSValue next(ExecState*);
         void invalidate();
-
+        
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(CompoundType));
+        }
     private:
-        JSPropertyNameIterator();
-        JSPropertyNameIterator(JSObject*, PassRefPtr<PropertyNameArrayData> propertyNameArrayData);
+        JSPropertyNameIterator(ExecState*);
+        JSPropertyNameIterator(ExecState*, JSObject*, PassRefPtr<PropertyNameArrayData> propertyNameArrayData);
 
         JSObject* m_object;
@@ -67 +71 @@
     };
 
-inline JSPropertyNameIterator::JSPropertyNameIterator()
-    : JSCell(0)
+inline JSPropertyNameIterator::JSPropertyNameIterator(ExecState* exec)
+    : JSCell(exec->globalData().propertyNameIteratorStructure.get())
     , m_object(0)
     , m_position(0)
@@ -75 +79 @@
 }
 
-inline JSPropertyNameIterator::JSPropertyNameIterator(JSObject* object, PassRefPtr<PropertyNameArrayData> propertyNameArrayData)
-    : JSCell(0)
+inline JSPropertyNameIterator::JSPropertyNameIterator(ExecState* exec, JSObject* object, PassRefPtr<PropertyNameArrayData> propertyNameArrayData)
+    : JSCell(exec->globalData().propertyNameIteratorStructure.get())
     , m_object(object)
     , m_data(propertyNameArrayData)
@@ -87 +91 @@
 {
     if (v.isUndefinedOrNull())
-        return new (exec) JSPropertyNameIterator;
+        return new (exec) JSPropertyNameIterator(exec);
 
     JSObject* o = v.toObject(exec);
     PropertyNameArray propertyNames(exec);
     o->getPropertyNames(exec, propertyNames);
-    return new (exec) JSPropertyNameIterator(o, propertyNames.releaseData());
+    return new (exec) JSPropertyNameIterator(exec, o, propertyNames.releaseData());
 }
 

trunk/JavaScriptCore/runtime/JSStaticScopeObject.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32 +32 @@
 ASSERT_CLASS_FITS_IN_CELL(JSStaticScopeObject);
 
-void JSStaticScopeObject::mark()
+void JSStaticScopeObject::markChildren(MarkStack& markStack)
 {
-    JSVariableObject::mark();
-    
-    if (!d()->registerStore.marked())
-        d()->registerStore.mark();
+    JSVariableObject::markChildren(markStack);
+    markStack.append(d()->registerStore.jsValue());
 }
 

trunk/JavaScriptCore/runtime/JSStaticScopeObject.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -51 +51 @@
         }
         virtual ~JSStaticScopeObject();
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
         bool isDynamicScope() const;
         virtual JSObject* toThisObject(ExecState*) const;

trunk/JavaScriptCore/runtime/JSType.h

@@ -34 +34 @@
         NullType          = 4,
         StringType        = 5,
-        ObjectType        = 6,
-        GetterSetterType  = 7
+        
+        // The CompoundType value must come before any JSType that may have children
+        CompoundType      = 6,
+        ObjectType        = 7,
+        GetterSetterType  = 8
     };
 

trunk/JavaScriptCore/runtime/JSValue.h

@@ -2 +2 @@
  *  Copyright (C) 1999-2001 Harri Porten ([email protected])
  *  Copyright (C) 2001 Peter Kelly ([email protected])
- *  Copyright (C) 2003, 2004, 2005, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -43 +43 @@
     class JSObject;
     class JSString;
+    class MarkStack;
     class PropertySlot;
     class PutPropertySlot;
@@ -173 +174 @@
 
         // Garbage collection.
-        void mark();
+        void markChildren(MarkStack&);
+        bool hasChildren() const;
         bool marked() const;
+        void markDirect();
 
         // Object operations, with the toObject operation included.

trunk/JavaScriptCore/runtime/JSWrapperObject.cpp

@@ -1 +1 @@
 /*
  *  Copyright (C) 2006 Maks Orlovich
- *  Copyright (C) 2006 Apple Computer, Inc.
+ *  Copyright (C) 2006, 2009 Apple, Inc.
  *
  *  This library is free software; you can redistribute it and/or
@@ -27 +27 @@
 ASSERT_CLASS_FITS_IN_CELL(JSWrapperObject);
 
-void JSWrapperObject::mark() 
+void JSWrapperObject::markChildren(MarkStack& markStack) 
 {
-    JSObject::mark();
-    if (m_internalValue && !m_internalValue.marked())
-        m_internalValue.mark();
+    JSObject::markChildren(markStack);
+    if (m_internalValue)
+        markStack.append(m_internalValue);
 }
 

trunk/JavaScriptCore/runtime/JSWrapperObject.h

@@ -37 +37 @@
         void setInternalValue(JSValue);
         
-        virtual void mark();
+        virtual void markChildren(MarkStack&);
         
     private:

trunk/JavaScriptCore/runtime/MarkStack.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25 +25 @@
 
 #include "config.h"
+#include "MarkStack.h"
 
-#if ENABLE(WORKERS)
+namespace JSC
+{
 
-#include "JSWorker.h"
+size_t MarkStack::s_pageSize = 0;
 
-#include "JSDOMGlobalObject.h"
-#include "Worker.h"
-
-using namespace JSC;
-
-namespace WebCore {
-    
-void JSWorker::mark()
+void MarkStack::compact()
 {
-    Base::mark();
-
-    markIfNotNull(static_cast<Worker*>(impl())->onmessage());
+    ASSERT(s_pageSize);
+    m_values.shrinkAllocation(s_pageSize);
+    m_markSets.shrinkAllocation(s_pageSize);
 }
 
-} // namespace WebCore
-
-#endif // ENABLE(WORKERS)
+}

trunk/JavaScriptCore/runtime/MarkStackPosix.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26 +26 @@
 #include "config.h"
 
-#if ENABLE(WORKERS)
 
-#include "JSWorker.h"
+#include "MarkStack.h"
+#include <sys/mman.h>
 
-#include "JSDOMGlobalObject.h"
-#include "Worker.h"
-
-using namespace JSC;
-
-namespace WebCore {
-    
-void JSWorker::mark()
+namespace JSC {
+void* MarkStack::allocateStack(size_t size)
 {
-    Base::mark();
-
-    markIfNotNull(static_cast<Worker*>(impl())->onmessage());
+    return mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
+}
+void MarkStack::releaseStack(void* addr, size_t size)
+{
+    munmap(addr, size);
 }
 
-} // namespace WebCore
-
-#endif // ENABLE(WORKERS)
+}

trunk/JavaScriptCore/runtime/MarkStackWin.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26 +26 @@
 #include "config.h"
 
-#if ENABLE(WORKERS)
 
-#include "JSWorker.h"
+#include "MarkStack.h"
 
-#include "JSDOMGlobalObject.h"
-#include "Worker.h"
+#include "windows.h"
 
-using namespace JSC;
-
-namespace WebCore {
-    
-void JSWorker::mark()
+namespace JSC {
+void* MarkStack::allocateStack(size_t size)
 {
-    Base::mark();
-
-    markIfNotNull(static_cast<Worker*>(impl())->onmessage());
+    return VirtualAlloc(0, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+}
+void MarkStack::releaseStack(void* addr, size_t size)
+{
+    VirtualFree(addr, size, MEM_RELEASE);
 }
 
-} // namespace WebCore
-
-#endif // ENABLE(WORKERS)
+}

trunk/JavaScriptCore/runtime/ScopeChain.h

@@ -1 +1 @@
 /*
- *  Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2008, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -205 +205 @@
         JSGlobalObject* globalObject() const { return m_node->globalObject(); }
 
-        void mark() const;
+        void markAggregate(MarkStack&) const;
 
         // Caution: this should only be used if the codeblock this is being used

trunk/JavaScriptCore/runtime/ScopeChainMark.h

@@ -1 +1 @@
 /*
- *  Copyright (C) 2003, 2006, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2006, 2008, 2009 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -26 +26 @@
 namespace JSC {
 
-    inline void ScopeChain::mark() const
+    inline void ScopeChain::markAggregate(MarkStack& markStack) const
     {
-        for (ScopeChainNode* n = m_node; n; n = n->next) {
-            JSObject* o = n->object;
-            if (!o->marked())
-                o->mark();
-        }
+        for (ScopeChainNode* n = m_node; n; n = n->next)
+            markStack.append(n->object);
     }
 

trunk/JavaScriptCore/runtime/SmallStrings.cpp

@@ -86 +86 @@
 {
     if (m_emptyString && !m_emptyString->marked())
-        m_emptyString->mark();
+        m_emptyString->markCellDirect();
     for (unsigned i = 0; i < numCharactersToStore; ++i) {
         if (m_singleCharacterStrings[i] && !m_singleCharacterStrings[i]->marked())
-            m_singleCharacterStrings[i]->mark();
+            m_singleCharacterStrings[i]->markCellDirect();
     }
 }

trunk/JavaScriptCore/runtime/Structure.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30 +30 @@
 #include "JSType.h"
 #include "JSValue.h"
+#include "MarkStack.h"
 #include "PropertyMapHashTable.h"
 #include "StructureChain.h"
@@ -73 +74 @@
         ~Structure();
 
-        void mark()
-        {
-            if (!m_prototype.marked())
-                m_prototype.mark();
+        void markAggregate(MarkStack& markStack)
+        {
+            markStack.append(m_prototype);
         }