Changeset 77006 in webkit for trunk/Source/JavaScriptCore/runtime/JSObject.h

Timestamp:

Jan 28, 2011, 3:39:54 PM (15 years ago)

Author:

[email protected]

Message:

2011-01-27 Oliver Hunt <​[email protected]>

Reviewed by Geoffrey Garen.

Convert markstack to a slot visitor API
​https://bugs.webkit.org/show_bug.cgi?id=53219

Move the MarkStack over to a slot based marking API.

In order to avoiding aliasing concerns there are two new types
that need to be used when holding on to JSValues and JSCell that
need to be marked: WriteBarrier and DeprecatedPtr. WriteBarrier
is expected to be used for any JSValue or Cell that's lifetime and
marking is controlled by another GC object. DeprecatedPtr is used
for any value that we need to rework ownership for.

The change over to this model has produced a large amount of
code changes, but they are mostly mechanical (forwarding JSGlobalData,
etc).

• API/JSCallbackObject.h: (JSC::JSCallbackObjectData::setPrivateProperty): (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty): (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty): (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren): (JSC::JSCallbackObject::setPrivateProperty):
• API/JSCallbackObjectFunctions.h: (JSC::::put): (JSC::::staticFunctionGetter):
• API/JSObjectRef.cpp: (JSObjectMakeConstructor): (JSObjectSetPrivateProperty):
• API/JSWeakObjectMapRefInternal.h:
• JavaScriptCore.exp:
• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
• JavaScriptCore.xcodeproj/project.pbxproj:
• bytecode/CodeBlock.cpp: (JSC::CodeBlock::markAggregate):
• bytecode/CodeBlock.h: (JSC::CodeBlock::globalObject):
• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall): (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply): (JSC::BytecodeGenerator::findScopedProperty):
• debugger/DebuggerActivation.cpp: (JSC::DebuggerActivation::DebuggerActivation): (JSC::DebuggerActivation::markChildren):
• debugger/DebuggerActivation.h:
• interpreter/Interpreter.cpp: (JSC::Interpreter::resolve): (JSC::Interpreter::resolveSkip): (JSC::Interpreter::resolveGlobalDynamic): (JSC::Interpreter::resolveBaseAndProperty): (JSC::Interpreter::unwindCallFrame): (JSC::appendSourceToError): (JSC::Interpreter::execute): (JSC::Interpreter::privateExecute):
• interpreter/Register.h: (JSC::Register::jsValueSlot):
• jit/JITStubs.cpp: (JSC::JITThunks::tryCacheGetByID): (JSC::DEFINE_STUB_FUNCTION):
• jsc.cpp: (GlobalObject::GlobalObject):
• runtime/Arguments.cpp: (JSC::Arguments::markChildren): (JSC::Arguments::getOwnPropertySlot): (JSC::Arguments::getOwnPropertyDescriptor): (JSC::Arguments::put):
• runtime/Arguments.h: (JSC::Arguments::setActivation): (JSC::Arguments::Arguments):
• runtime/ArrayConstructor.cpp: (JSC::ArrayConstructor::ArrayConstructor): (JSC::constructArrayWithSizeQuirk):
• runtime/ArrayPrototype.cpp: (JSC::arrayProtoFuncSplice):
• runtime/BatchedTransitionOptimizer.h: (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
• runtime/BooleanConstructor.cpp: (JSC::BooleanConstructor::BooleanConstructor): (JSC::constructBoolean): (JSC::constructBooleanFromImmediateBoolean):
• runtime/BooleanPrototype.cpp: (JSC::BooleanPrototype::BooleanPrototype):
• runtime/ConservativeSet.h: (JSC::ConservativeSet::mark):
• runtime/DateConstructor.cpp: (JSC::DateConstructor::DateConstructor):
• runtime/DateInstance.cpp: (JSC::DateInstance::DateInstance):
• runtime/DatePrototype.cpp: (JSC::dateProtoFuncSetTime): (JSC::setNewValueFromTimeArgs): (JSC::setNewValueFromDateArgs): (JSC::dateProtoFuncSetYear):
• runtime/ErrorConstructor.cpp: (JSC::ErrorConstructor::ErrorConstructor):
• runtime/ErrorInstance.cpp: (JSC::ErrorInstance::ErrorInstance):
• runtime/ErrorPrototype.cpp: (JSC::ErrorPrototype::ErrorPrototype):
• runtime/FunctionConstructor.cpp: (JSC::FunctionConstructor::FunctionConstructor):
• runtime/FunctionPrototype.cpp: (JSC::FunctionPrototype::FunctionPrototype):
• runtime/GetterSetter.cpp: (JSC::GetterSetter::markChildren):
• runtime/GetterSetter.h: (JSC::GetterSetter::GetterSetter): (JSC::GetterSetter::getter): (JSC::GetterSetter::setGetter): (JSC::GetterSetter::setter): (JSC::GetterSetter::setSetter):
• runtime/GlobalEvalFunction.cpp: (JSC::GlobalEvalFunction::GlobalEvalFunction): (JSC::GlobalEvalFunction::markChildren):
• runtime/GlobalEvalFunction.h: (JSC::GlobalEvalFunction::cachedGlobalObject):
• runtime/Heap.cpp: (JSC::Heap::markProtectedObjects): (JSC::Heap::markTempSortVectors): (JSC::Heap::markRoots):
• runtime/InternalFunction.cpp: (JSC::InternalFunction::InternalFunction):
• runtime/JSAPIValueWrapper.h: (JSC::JSAPIValueWrapper::value): (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
• runtime/JSActivation.cpp: (JSC::JSActivation::put):
• runtime/JSArray.cpp: (JSC::JSArray::JSArray): (JSC::JSArray::getOwnPropertySlot): (JSC::JSArray::getOwnPropertyDescriptor): (JSC::JSArray::put): (JSC::JSArray::putSlowCase): (JSC::JSArray::deleteProperty): (JSC::JSArray::increaseVectorLength): (JSC::JSArray::setLength): (JSC::JSArray::pop): (JSC::JSArray::push): (JSC::JSArray::unshiftCount): (JSC::JSArray::sort): (JSC::JSArray::fillArgList): (JSC::JSArray::copyToRegisters): (JSC::JSArray::compactForSorting):
• runtime/JSArray.h: (JSC::JSArray::getIndex): (JSC::JSArray::setIndex): (JSC::JSArray::uncheckedSetIndex): (JSC::JSArray::markChildrenDirect):
• runtime/JSByteArray.cpp: (JSC::JSByteArray::JSByteArray):
• runtime/JSCell.h: (JSC::JSCell::MarkStack::append): (JSC::JSCell::MarkStack::appendCell):
• runtime/JSFunction.cpp: (JSC::JSFunction::JSFunction): (JSC::JSFunction::getOwnPropertySlot):
• runtime/JSGlobalObject.cpp: (JSC::markIfNeeded): (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::resetPrototype): (JSC::JSGlobalObject::markChildren):
• runtime/JSGlobalObject.h: (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): (JSC::JSGlobalObject::regExpConstructor): (JSC::JSGlobalObject::errorConstructor): (JSC::JSGlobalObject::evalErrorConstructor): (JSC::JSGlobalObject::rangeErrorConstructor): (JSC::JSGlobalObject::referenceErrorConstructor): (JSC::JSGlobalObject::syntaxErrorConstructor): (JSC::JSGlobalObject::typeErrorConstructor): (JSC::JSGlobalObject::URIErrorConstructor): (JSC::JSGlobalObject::evalFunction): (JSC::JSGlobalObject::objectPrototype): (JSC::JSGlobalObject::functionPrototype): (JSC::JSGlobalObject::arrayPrototype): (JSC::JSGlobalObject::booleanPrototype): (JSC::JSGlobalObject::stringPrototype): (JSC::JSGlobalObject::numberPrototype): (JSC::JSGlobalObject::datePrototype): (JSC::JSGlobalObject::regExpPrototype): (JSC::JSGlobalObject::methodCallDummy): (JSC::constructArray):
• runtime/JSONObject.cpp: (JSC::Stringifier::Holder::object): (JSC::Stringifier::Holder::objectSlot): (JSC::Stringifier::markAggregate): (JSC::Stringifier::stringify): (JSC::Stringifier::Holder::appendNextProperty): (JSC::Walker::callReviver): (JSC::Walker::walk):
• runtime/JSObject.cpp: (JSC::JSObject::defineGetter): (JSC::JSObject::defineSetter): (JSC::JSObject::removeDirect): (JSC::JSObject::putDirectFunction): (JSC::JSObject::putDirectFunctionWithoutTransition): (JSC::putDescriptor): (JSC::JSObject::defineOwnProperty):
• runtime/JSObject.h: (JSC::JSObject::putDirectOffset): (JSC::JSObject::putUndefinedAtDirectOffset): (JSC::JSObject::flattenDictionaryObject): (JSC::JSObject::putDirectInternal): (JSC::JSObject::putDirect): (JSC::JSObject::putDirectFunction): (JSC::JSObject::putDirectWithoutTransition): (JSC::JSObject::putDirectFunctionWithoutTransition): (JSC::JSValue::putDirect): (JSC::JSObject::allocatePropertyStorageInline): (JSC::JSObject::markChildrenDirect):
• runtime/JSStaticScopeObject.cpp: (JSC::JSStaticScopeObject::markChildren):
• runtime/JSString.cpp: (JSC::StringObject::create):
• runtime/JSValue.h:
• runtime/JSWrapperObject.cpp: (JSC::JSWrapperObject::markChildren):
• runtime/JSWrapperObject.h: (JSC::JSWrapperObject::internalValue): (JSC::JSWrapperObject::setInternalValue):
• runtime/LiteralParser.cpp: (JSC::LiteralParser::parse):
• runtime/Lookup.cpp: (JSC::setUpStaticFunctionSlot):
• runtime/Lookup.h: (JSC::lookupPut):
• runtime/MarkStack.h:
• runtime/MathObject.cpp: (JSC::MathObject::MathObject):
• runtime/NativeErrorConstructor.cpp: (JSC::NativeErrorConstructor::NativeErrorConstructor):
• runtime/NativeErrorPrototype.cpp: (JSC::NativeErrorPrototype::NativeErrorPrototype):
• runtime/NumberConstructor.cpp: (JSC::NumberConstructor::NumberConstructor): (JSC::constructWithNumberConstructor):
• runtime/NumberObject.cpp: (JSC::constructNumber):
• runtime/NumberPrototype.cpp: (JSC::NumberPrototype::NumberPrototype):
• runtime/ObjectConstructor.cpp: (JSC::ObjectConstructor::ObjectConstructor): (JSC::objectConstructorGetOwnPropertyDescriptor):
• runtime/Operations.h: (JSC::normalizePrototypeChain): (JSC::resolveBase):
• runtime/PrototypeFunction.cpp: (JSC::PrototypeFunction::PrototypeFunction):
• runtime/PutPropertySlot.h: (JSC::PutPropertySlot::setExistingProperty): (JSC::PutPropertySlot::setNewProperty): (JSC::PutPropertySlot::base):
• runtime/RegExpConstructor.cpp: (JSC::RegExpConstructor::RegExpConstructor):
• runtime/ScopeChain.cpp: (JSC::ScopeChainNode::print):
• runtime/ScopeChain.h: (JSC::ScopeChainNode::~ScopeChainNode): (JSC::ScopeChainIterator::operator*): (JSC::ScopeChainIterator::operator->): (JSC::ScopeChain::top):
• runtime/ScopeChainMark.h: (JSC::ScopeChain::markAggregate):
• runtime/SmallStrings.cpp: (JSC::isMarked): (JSC::SmallStrings::markChildren):
• runtime/SmallStrings.h: (JSC::SmallStrings::emptyString): (JSC::SmallStrings::singleCharacterString): (JSC::SmallStrings::singleCharacterStrings):
• runtime/StringConstructor.cpp: (JSC::StringConstructor::StringConstructor):
• runtime/StringObject.cpp: (JSC::StringObject::StringObject):
• runtime/StringObject.h:
• runtime/StringPrototype.cpp: (JSC::StringPrototype::StringPrototype):
• runtime/Structure.cpp: (JSC::Structure::flattenDictionaryStructure):
• runtime/Structure.h: (JSC::Structure::storedPrototypeSlot):
• runtime/WeakGCMap.h: (JSC::WeakGCMap::uncheckedGet): (JSC::WeakGCMap::uncheckedGetSlot): (JSC::::get): (JSC::::take): (JSC::::set): (JSC::::uncheckedRemove):
• runtime/WriteBarrier.h: Added. (JSC::DeprecatedPtr::DeprecatedPtr): (JSC::DeprecatedPtr::get): (JSC::DeprecatedPtr::operator*): (JSC::DeprecatedPtr::operator->): (JSC::DeprecatedPtr::slot): (JSC::DeprecatedPtr::operator UnspecifiedBoolType*): (JSC::DeprecatedPtr::operator!): (JSC::WriteBarrierBase::set): (JSC::WriteBarrierBase::get): (JSC::WriteBarrierBase::operator*): (JSC::WriteBarrierBase::operator->): (JSC::WriteBarrierBase::slot): (JSC::WriteBarrierBase::operator UnspecifiedBoolType*): (JSC::WriteBarrierBase::operator!): (JSC::WriteBarrier::WriteBarrier): (JSC::operator==):

2011-01-27 Oliver Hunt <​[email protected]>

Reviewed by Geoffrey Garen.

Convert markstack to a slot visitor API
​https://bugs.webkit.org/show_bug.cgi?id=53219

There's no reason to recurse here, the value we
were marking was protected.

• JSValueWrapper.cpp: (JSValueWrapper::JSObjectMark):

2011-01-27 Oliver Hunt <​[email protected]>

Reviewed by Geoffrey Garen.

Convert markstack to a slot visitor API
​https://bugs.webkit.org/show_bug.cgi?id=53219

Update WebCore to the new marking apis, correct bindings
codegen.

• ForwardingHeaders/runtime/WriteBarrier.h: Added.
• WebCore.exp.in:
• bindings/js/DOMWrapperWorld.h: (WebCore::DOMWrapperWorld::globalData):
• bindings/js/JSAudioConstructor.cpp: (WebCore::JSAudioConstructor::JSAudioConstructor):
• bindings/js/JSDOMBinding.cpp: (WebCore::markDOMNodesForDocument): (WebCore::markDOMObjectWrapper): (WebCore::markDOMNodeWrapper):
• bindings/js/JSDOMGlobalObject.cpp: (WebCore::JSDOMGlobalObject::markChildren): (WebCore::JSDOMGlobalObject::setInjectedScript): (WebCore::JSDOMGlobalObject::injectedScript):
• bindings/js/JSDOMGlobalObject.h: (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData): (WebCore::getDOMConstructor):
• bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::setLocation): (WebCore::DialogHandler::dialogCreated):
• bindings/js/JSDOMWindowShell.cpp: (WebCore::JSDOMWindowShell::JSDOMWindowShell): (WebCore::JSDOMWindowShell::setWindow): (WebCore::JSDOMWindowShell::markChildren): (WebCore::JSDOMWindowShell::unwrappedObject):
• bindings/js/JSDOMWindowShell.h: (WebCore::JSDOMWindowShell::window): (WebCore::JSDOMWindowShell::setWindow):
• bindings/js/JSEventListener.cpp: (WebCore::JSEventListener::JSEventListener): (WebCore::JSEventListener::markJSFunction):
• bindings/js/JSEventListener.h: (WebCore::JSEventListener::jsFunction):
• bindings/js/JSHTMLDocumentCustom.cpp: (WebCore::JSHTMLDocument::setAll):
• bindings/js/JSImageConstructor.cpp: (WebCore::JSImageConstructor::JSImageConstructor):
• bindings/js/JSImageDataCustom.cpp: (WebCore::toJS):
• bindings/js/JSJavaScriptCallFrameCustom.cpp: (WebCore::JSJavaScriptCallFrame::scopeChain): (WebCore::JSJavaScriptCallFrame::scopeType):
• bindings/js/JSNodeFilterCondition.cpp: (WebCore::JSNodeFilterCondition::markAggregate): (WebCore::JSNodeFilterCondition::acceptNode):
• bindings/js/JSNodeFilterCondition.h:
• bindings/js/JSNodeFilterCustom.cpp:
• bindings/js/JSOptionConstructor.cpp: (WebCore::JSOptionConstructor::JSOptionConstructor):
• bindings/js/JSSQLResultSetRowListCustom.cpp: (WebCore::JSSQLResultSetRowList::item):
• bindings/js/ScriptCachedFrameData.cpp: (WebCore::ScriptCachedFrameData::restore):
• bindings/js/ScriptObject.cpp: (WebCore::ScriptGlobalObject::set):
• bindings/js/SerializedScriptValue.cpp: (WebCore::CloneDeserializer::putProperty):
• bindings/scripts/CodeGeneratorJS.pm:
• dom/Document.h:

2011-01-27 Oliver Hunt <​[email protected]>

Reviewed by Geoffrey Garen.

Convert markstack to a slot visitor API
​https://bugs.webkit.org/show_bug.cgi?id=53219

Update to new marking api

• WebView/WebScriptDebugDelegate.mm: (-[WebScriptCallFrame scopeChain]):

File:

• trunk/Source/JavaScriptCore/runtime/JSObject.h (modified) (19 diffs)

trunk/Source/JavaScriptCore/runtime/JSObject.h

@@ -71 +71 @@
     };
 
-    typedef EncodedJSValue* PropertyStorage;
-    typedef const EncodedJSValue* ConstPropertyStorage;
+    typedef WriteBarrierBase<Unknown>* PropertyStorage;
+    typedef const WriteBarrierBase<Unknown>* ConstPropertyStorage;
 
     class JSObject : public JSCell {
@@ -180 +180 @@
         bool hasGetterSetterProperties() { return m_structure->hasGetterSetterProperties(); }
 
-        bool putDirect(const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot);
-        void putDirect(const Identifier& propertyName, JSValue value, unsigned attr = 0);
-        bool putDirect(const Identifier& propertyName, JSValue value, PutPropertySlot&);
-
-        void putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attr = 0);
-        void putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot);
+        bool putDirect(JSGlobalData&, const Identifier& propertyName, JSValue, unsigned attr, bool checkReadOnly, PutPropertySlot&);
+        void putDirect(JSGlobalData&, const Identifier& propertyName, JSValue, unsigned attr = 0);
+        bool putDirect(JSGlobalData&, const Identifier& propertyName, JSValue, PutPropertySlot&);
+
+        void putDirectFunction(JSGlobalData&, const Identifier& propertyName, JSCell*, unsigned attr = 0);
+        void putDirectFunction(JSGlobalData&, const Identifier& propertyName, JSCell*, unsigned attr, bool checkReadOnly, PutPropertySlot&);
         void putDirectFunction(ExecState* exec, InternalFunction* function, unsigned attr = 0);
         void putDirectFunction(ExecState* exec, JSFunction* function, unsigned attr = 0);
 
-        void putDirectWithoutTransition(const Identifier& propertyName, JSValue value, unsigned attr = 0);
-        void putDirectFunctionWithoutTransition(const Identifier& propertyName, JSCell* value, unsigned attr = 0);
+        void putDirectWithoutTransition(JSGlobalData&, const Identifier& propertyName, JSValue, unsigned attr = 0);
+        void putDirectFunctionWithoutTransition(JSGlobalData&, const Identifier& propertyName, JSCell* value, unsigned attr = 0);
         void putDirectFunctionWithoutTransition(ExecState* exec, InternalFunction* function, unsigned attr = 0);
         void putDirectFunctionWithoutTransition(ExecState* exec, JSFunction* function, unsigned attr = 0);
 
         // Fast access to known property offsets.
-        JSValue getDirectOffset(size_t offset) const { return JSValue::decode(propertyStorage()[offset]); }
-        void putDirectOffset(size_t offset, JSValue value) { propertyStorage()[offset] = JSValue::encode(value); }
+        JSValue getDirectOffset(size_t offset) const { return propertyStorage()[offset].get(); }
+        void putDirectOffset(JSGlobalData& globalData, size_t offset, JSValue value) { propertyStorage()[offset].set(globalData, this, value); }
+        void putUndefinedAtDirectOffset(size_t offset) { propertyStorage()[offset].setUndefined(); }
 
         void fillGetterPropertySlot(PropertySlot&, JSValue* location);
@@ -226 +227 @@
         }
 
-        void flattenDictionaryObject()
-        {
-            m_structure->flattenDictionaryStructure(this);
+        void flattenDictionaryObject(JSGlobalData& globalData)
+        {
+            m_structure->flattenDictionaryStructure(globalData, this);
         }
 
@@ -268 +269 @@
         }
 
-        bool putDirectInternal(const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot, JSCell*);
-        bool putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot);
+        bool putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue, unsigned attr, bool checkReadOnly, PutPropertySlot&, JSCell*);
+        bool putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue, unsigned attr, bool checkReadOnly, PutPropertySlot&);
         void putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue value, unsigned attr = 0);
 
@@ -279 +280 @@
         union {
             PropertyStorage m_externalStorage;
-            EncodedJSValue m_inlineStorage[inlineStorageCapacity];
+            WriteBarrierBase<Unknown> m_inlineStorage[inlineStorageCapacity];
         };
 
@@ -451 +452 @@
 }
 
-inline bool JSObject::putDirectInternal(const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot, JSCell* specificFunction)
+inline bool JSObject::putDirectInternal(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot, JSCell* specificFunction)
 {
     ASSERT(value);
@@ -468 +469 @@
                 return false;
 
-            putDirectOffset(offset, value);
+            putDirectOffset(globalData, offset, value);
             // At this point, the objects structure only has a specific value set if previously there
             // had been one set, and if the new value being specified is the same (otherwise we would
@@ -486 +487 @@
 
         ASSERT(offset < m_structure->propertyStorageCapacity());
-        putDirectOffset(offset, value);
+        putDirectOffset(globalData, offset, value);
         // See comment on setNewProperty call below.
         if (!specificFunction)
@@ -501 +502 @@
         ASSERT(offset < structure->propertyStorageCapacity());
         setStructure(structure.release());
-        putDirectOffset(offset, value);
+        putDirectOffset(globalData, offset, value);
         // This is a new property; transitions with specific values are not currently cachable,
         // so leave the slot in an uncachable state.
@@ -528 +529 @@
             // case (1) Do the put, then return leaving the slot uncachable.
             if (specificFunction == currentSpecificFunction) {
-                putDirectOffset(offset, value);
+                putDirectOffset(globalData, offset, value);
                 return true;
             }
@@ -537 +538 @@
         // case (3) set the slot, do the put, return.
         slot.setExistingProperty(this, offset);
-        putDirectOffset(offset, value);
+        putDirectOffset(globalData, offset, value);
         return true;
     }
@@ -558 +559 @@
     ASSERT(offset < structure->propertyStorageCapacity());
     setStructure(structure.release());
-    putDirectOffset(offset, value);
+    putDirectOffset(globalData, offset, value);
     // This is a new property; transitions with specific values are not currently cachable,
     // so leave the slot in an uncachable state.
@@ -571 +572 @@
     ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
 
-    return putDirectInternal(propertyName, value, attributes, checkReadOnly, slot, getJSFunction(globalData, value));
+    return putDirectInternal(globalData, propertyName, value, attributes, checkReadOnly, slot, getJSFunction(globalData, value));
 }
 
@@ -577 +578 @@
 {
     PutPropertySlot slot;
-    putDirectInternal(propertyName, value, attributes, false, slot, getJSFunction(globalData, value));
-}
-
-inline bool JSObject::putDirect(const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
+    putDirectInternal(globalData, propertyName, value, attributes, false, slot, getJSFunction(globalData, value));
+}
+
+inline bool JSObject::putDirect(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
 {
     ASSERT(value);
     ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
 
-    return putDirectInternal(propertyName, value, attributes, checkReadOnly, slot, 0);
-}
-
-inline void JSObject::putDirect(const Identifier& propertyName, JSValue value, unsigned attributes)
+    return putDirectInternal(globalData, propertyName, value, attributes, checkReadOnly, slot, 0);
+}
+
+inline void JSObject::putDirect(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, unsigned attributes)
 {
     PutPropertySlot slot;
-    putDirectInternal(propertyName, value, attributes, false, slot, 0);
-}
-
-inline bool JSObject::putDirect(const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
-{
-    return putDirectInternal(propertyName, value, 0, false, slot, 0);
-}
-
-inline void JSObject::putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
-{
-    putDirectInternal(propertyName, value, attributes, checkReadOnly, slot, value);
-}
-
-inline void JSObject::putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attr)
+    putDirectInternal(globalData, propertyName, value, attributes, false, slot, 0);
+}
+
+inline bool JSObject::putDirect(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    return putDirectInternal(globalData, propertyName, value, 0, false, slot, 0);
+}
+
+inline void JSObject::putDirectFunction(JSGlobalData& globalData, const Identifier& propertyName, JSCell* value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
+{
+    putDirectInternal(globalData, propertyName, value, attributes, checkReadOnly, slot, value);
+}
+
+inline void JSObject::putDirectFunction(JSGlobalData& globalData, const Identifier& propertyName, JSCell* value, unsigned attr)
 {
     PutPropertySlot slot;
-    putDirectInternal(propertyName, value, attr, false, slot, value);
-}
-
-inline void JSObject::putDirectWithoutTransition(const Identifier& propertyName, JSValue value, unsigned attributes)
+    putDirectInternal(globalData, propertyName, value, attr, false, slot, value);
+}
+
+inline void JSObject::putDirectWithoutTransition(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, unsigned attributes)
 {
     size_t currentCapacity = m_structure->propertyStorageCapacity();
@@ -616 +617 @@
     if (currentCapacity != m_structure->propertyStorageCapacity())
         allocatePropertyStorage(currentCapacity, m_structure->propertyStorageCapacity());
-    putDirectOffset(offset, value);
-}
-
-inline void JSObject::putDirectFunctionWithoutTransition(const Identifier& propertyName, JSCell* value, unsigned attributes)
+    putDirectOffset(globalData, offset, value);
+}
+
+inline void JSObject::putDirectFunctionWithoutTransition(JSGlobalData& globalData, const Identifier& propertyName, JSCell* value, unsigned attributes)
 {
     size_t currentCapacity = m_structure->propertyStorageCapacity();
@@ -625 +626 @@
     if (currentCapacity != m_structure->propertyStorageCapacity())
         allocatePropertyStorage(currentCapacity, m_structure->propertyStorageCapacity());
-    putDirectOffset(offset, value);
+    putDirectOffset(globalData, offset, value);
 }
 
@@ -704 +705 @@
 {
     ASSERT(isCell() && isObject());
-    if (!asObject(asCell())->putDirect(propertyName, value, slot) && slot.isStrictMode())
+    if (!asObject(asCell())->putDirect(exec->globalData(), propertyName, value, slot) && slot.isStrictMode())
         throwTypeError(exec, StrictModeReadonlyPropertyWriteError);
 }
@@ -726 +727 @@
 
     PropertyStorage oldPropertyStorage = (wasInline ? m_inlineStorage : m_externalStorage);
-    PropertyStorage newPropertyStorage = new EncodedJSValue[newSize];
+    PropertyStorage newPropertyStorage = new WriteBarrierBase<Unknown>[newSize];
 
     for (unsigned i = 0; i < oldSize; ++i)
@@ -741 +742 @@
     JSCell::markChildren(markStack);
 
-    markStack.append(prototype());
-    
+    markStack.append(m_structure->storedPrototypeSlot());
     PropertyStorage storage = propertyStorage();
     size_t storageSize = m_structure->propertyStorageSize();
-    markStack.appendValues(reinterpret_cast<JSValue*>(storage), storageSize);
+    markStack.appendValues(storage, storageSize);
 }