Changeset 77151 in webkit for trunk/Source/JavaScriptCore/runtime

Timestamp:

Jan 31, 2011, 12:07:21 PM (14 years ago)

Author:

[email protected]

Message:

2011-01-31 Oliver Hunt <​[email protected]>

Convert markstack to a slot visitor API
​https://bugs.webkit.org/show_bug.cgi?id=53219

rolling r77098, r77099, r77100, r77109, and
r77111 back in, along with a few more Qt fix attempts.

Location:

trunk/Source/JavaScriptCore/runtime

Files:

• ArgList.cpp (modified) (1 diff)
• Arguments.cpp (modified) (5 diffs)
• Arguments.h (modified) (7 diffs)
• ArrayConstructor.cpp (modified) (2 diffs)
• ArrayPrototype.cpp (modified) (1 diff)
• BatchedTransitionOptimizer.h (modified) (2 diffs)
• BooleanConstructor.cpp (modified) (3 diffs)
• BooleanPrototype.cpp (modified) (1 diff)
• ConservativeSet.cpp (modified) (1 diff)
• ConservativeSet.h (modified) (3 diffs)
• DateConstructor.cpp (modified) (2 diffs)
• DateInstance.cpp (modified) (2 diffs)
• DatePrototype.cpp (modified) (8 diffs)
• ErrorConstructor.cpp (modified) (1 diff)
• ErrorInstance.cpp (modified) (2 diffs)
• ErrorPrototype.cpp (modified) (1 diff)
• FunctionConstructor.cpp (modified) (1 diff)
• FunctionPrototype.cpp (modified) (1 diff)
• GetterSetter.cpp (modified) (1 diff)
• GetterSetter.h (modified) (3 diffs)
• GlobalEvalFunction.cpp (modified) (2 diffs)
• GlobalEvalFunction.h (modified) (2 diffs)
• Heap.cpp (modified) (3 diffs)
• InternalFunction.cpp (modified) (1 diff)
• JSAPIValueWrapper.h (modified) (2 diffs)
• JSActivation.cpp (modified) (3 diffs)
• JSArray.cpp (modified) (32 diffs)
• JSArray.h (modified) (7 diffs)
• JSByteArray.cpp (modified) (1 diff)
• JSCell.h (modified) (2 diffs)
• JSFunction.cpp (modified) (4 diffs)
• JSGlobalData.h (modified) (1 diff)
• JSGlobalObject.cpp (modified) (8 diffs)
• JSGlobalObject.h (modified) (5 diffs)
• JSONObject.cpp (modified) (10 diffs)
• JSObject.cpp (modified) (9 diffs)
• JSObject.h (modified) (19 diffs)
• JSPropertyNameIterator.cpp (modified) (2 diffs)
• JSPropertyNameIterator.h (modified) (1 diff)
• JSStaticScopeObject.cpp (modified) (1 diff)
• JSString.cpp (modified) (1 diff)
• JSValue.h (modified) (2 diffs)
• JSWrapperObject.cpp (modified) (1 diff)
• JSWrapperObject.h (modified) (3 diffs)
• LiteralParser.cpp (modified) (1 diff)
• Lookup.cpp (modified) (1 diff)
• Lookup.h (modified) (1 diff)
• MarkStack.h (modified) (3 diffs)
• MathObject.cpp (modified) (1 diff)
• NativeErrorConstructor.cpp (modified) (1 diff)
• NativeErrorPrototype.cpp (modified) (1 diff)
• NumberConstructor.cpp (modified) (2 diffs)
• NumberObject.cpp (modified) (1 diff)
• NumberPrototype.cpp (modified) (1 diff)
• ObjectConstructor.cpp (modified) (2 diffs)
• Operations.h (modified) (3 diffs)
• PrototypeFunction.cpp (modified) (2 diffs)
• PutPropertySlot.h (modified) (4 diffs)
• RegExpConstructor.cpp (modified) (1 diff)
• ScopeChain.cpp (modified) (1 diff)
• ScopeChain.h (modified) (5 diffs)
• ScopeChainMark.h (modified) (1 diff)
• SmallStrings.cpp (modified) (3 diffs)
• SmallStrings.h (modified) (5 diffs)
• StringConstructor.cpp (modified) (2 diffs)
• StringObject.cpp (modified) (2 diffs)
• StringObject.h (modified) (1 diff)
• StringPrototype.cpp (modified) (1 diff)
• Structure.cpp (modified) (5 diffs)
• Structure.h (modified) (3 diffs)
• WeakGCMap.h (modified) (4 diffs)
• WriteBarrier.h (added)

trunk/Source/JavaScriptCore/runtime/ArgList.cpp

@@ -43 +43 @@
     for (ListSet::iterator it = markSet.begin(); it != end; ++it) {
         MarkedArgumentBuffer* list = *it;
-        markStack.appendValues(reinterpret_cast<JSValue*>(list->m_buffer), list->m_size);
+        markStack.deprecatedAppendValues(list->m_buffer, list->m_size);
     }
 }

trunk/Source/JavaScriptCore/runtime/Arguments.cpp

@@ -49 +49 @@
 
     if (d->registerArray)
-        markStack.appendValues(reinterpret_cast<JSValue*>(d->registerArray.get()), d->numParameters);
+        markStack.deprecatedAppendValues(d->registerArray.get(), d->numParameters);
 
     if (d->extraArguments) {
         unsigned numExtraArguments = d->numArguments - d->numParameters;
-        markStack.appendValues(reinterpret_cast<JSValue*>(d->extraArguments), numExtraArguments);
-    }
-
-    markStack.append(d->callee);
+        markStack.deprecatedAppendValues(d->extraArguments, numExtraArguments);
+    }
+
+    markStack.append(&d->callee);
 
     if (d->activation)
-        markStack.append(d->activation);
+        markStack.append(&d->activation);
 }
 
@@ -198 +198 @@
     if (propertyName == exec->propertyNames().callee && LIKELY(!d->overrodeCallee)) {
         if (!d->isStrictMode) {
-            slot.setValue(d->callee);
+            slot.setValue(d->callee.get());
             return true;
         }
@@ -229 +229 @@
     if (propertyName == exec->propertyNames().callee && LIKELY(!d->overrodeCallee)) {
         if (!d->isStrictMode) {
-            descriptor.setDescriptor(d->callee, DontEnum);
+            descriptor.setDescriptor(d->callee.get(), DontEnum);
             return true;
         }
@@ -281 +281 @@
     if (propertyName == exec->propertyNames().length && !d->overrodeLength) {
         d->overrodeLength = true;
-        putDirect(propertyName, value, DontEnum);
+        putDirect(exec->globalData(), propertyName, value, DontEnum);
         return;
     }
@@ -288 +288 @@
         if (!d->isStrictMode) {
             d->overrodeCallee = true;
-            putDirect(propertyName, value, DontEnum);
+            putDirect(exec->globalData(), propertyName, value, DontEnum);
             return;
         }

trunk/Source/JavaScriptCore/runtime/Arguments.h

@@ -38 +38 @@
     public:
         ArgumentsData() { }
-        JSActivation* activation;
+        WriteBarrier<JSActivation> activation;
 
         unsigned numParameters;
@@ -51 +51 @@
         Register extraArgumentsFixedBuffer[4];
 
-        JSFunction* callee;
+        WriteBarrier<JSFunction> callee;
         bool overrodeLength : 1;
         bool overrodeCallee : 1;
@@ -87 +87 @@
         void copyRegisters();
         bool isTornOff() const { return d->registerArray; }
-        void setActivation(JSActivation* activation)
+        void setActivation(JSGlobalData& globalData, JSActivation* activation)
         {
-            d->activation = activation;
+            d->activation.set(globalData, this, activation);
             d->registers = &activation->registerAt(0);
         }
@@ -159 +159 @@
         d->numArguments = numArguments;
 
-        d->activation = 0;
         d->registers = callFrame->registers();
 
@@ -177 +176 @@
         d->extraArguments = extraArguments;
 
-        d->callee = callee;
+        d->callee.set(callFrame->globalData(), this, callee);
         d->overrodeLength = false;
         d->overrodeCallee = false;
@@ -196 +195 @@
         d->numParameters = 0;
         d->numArguments = numArguments;
-        d->activation = 0;
 
         Register* extraArguments;
@@ -210 +208 @@
         d->extraArguments = extraArguments;
 
-        d->callee = asFunction(callFrame->callee());
+        d->callee.set(callFrame->globalData(), this, asFunction(callFrame->callee()));
         d->overrodeLength = false;
         d->overrodeCallee = false;

trunk/Source/JavaScriptCore/runtime/ArrayConstructor.cpp

@@ -43 +43 @@
 {
     // ECMA 15.4.3.1 Array.prototype
-    putDirectWithoutTransition(exec->propertyNames().prototype, arrayPrototype, DontEnum | DontDelete | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, arrayPrototype, DontEnum | DontDelete | ReadOnly);
 
     // no. of arguments for constructor
-    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(1), ReadOnly | DontEnum | DontDelete);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(1), ReadOnly | DontEnum | DontDelete);
 
     // ES5
@@ -63 +63 @@
 
     // otherwise the array is constructed with the arguments in it
-    return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), args);
+    return new (exec) JSArray(exec->globalData(), exec->lexicalGlobalObject()->arrayStructure(), args);
 }
 

trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp

@@ -546 +546 @@
     JSArray* resObj = new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), deleteCount, CreateCompact);
     JSValue result = resObj;
-
+    JSGlobalData& globalData = exec->globalData();
     for (unsigned k = 0; k < deleteCount; k++)
-        resObj->uncheckedSetIndex(k, getProperty(exec, thisObj, k + begin));
+        resObj->uncheckedSetIndex(globalData, k, getProperty(exec, thisObj, k + begin));
 
     resObj->setLength(deleteCount);

trunk/Source/JavaScriptCore/runtime/BatchedTransitionOptimizer.h

@@ -35 +35 @@
         WTF_MAKE_NONCOPYABLE(BatchedTransitionOptimizer);
     public:
-        BatchedTransitionOptimizer(JSObject* object)
-            : m_object(object)
+        BatchedTransitionOptimizer(JSGlobalData& globalData, JSObject* object)
+            : m_globalData(&globalData)
+            , m_object(object)
         {
             if (!m_object->structure()->isDictionary())
@@ -44 +45 @@
         ~BatchedTransitionOptimizer()
         {
-            m_object->flattenDictionaryObject();
+            m_object->flattenDictionaryObject(*m_globalData);
         }
 
     private:
+        JSGlobalData* m_globalData;
         JSObject* m_object;
     };

trunk/Source/JavaScriptCore/runtime/BooleanConstructor.cpp

@@ -32 +32 @@
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, booleanPrototype->classInfo()->className))
 {
-    putDirectWithoutTransition(exec->propertyNames().prototype, booleanPrototype, DontEnum | DontDelete | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, booleanPrototype, DontEnum | DontDelete | ReadOnly);
 
     // no. of arguments for constructor
-    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(1), ReadOnly | DontDelete | DontEnum);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(1), ReadOnly | DontDelete | DontEnum);
 }
 
@@ -42 +42 @@
 {
     BooleanObject* obj = new (exec) BooleanObject(exec->lexicalGlobalObject()->booleanObjectStructure());
-    obj->setInternalValue(jsBoolean(args.at(0).toBoolean(exec)));
+    obj->setInternalValue(exec->globalData(), jsBoolean(args.at(0).toBoolean(exec)));
     return obj;
 }
@@ -73 +73 @@
 {
     BooleanObject* obj = new (exec) BooleanObject(exec->lexicalGlobalObject()->booleanObjectStructure());
-    obj->setInternalValue(immediateBooleanValue);
+    obj->setInternalValue(exec->globalData(), immediateBooleanValue);
     return obj;
 }

trunk/Source/JavaScriptCore/runtime/BooleanPrototype.cpp

@@ -42 +42 @@
     : BooleanObject(structure)
 {
-    setInternalValue(jsBoolean(false));
+    setInternalValue(exec->globalData(), jsBoolean(false));
 
     putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().toString, booleanProtoFuncToString), DontEnum);

trunk/Source/JavaScriptCore/runtime/ConservativeSet.cpp

@@ -37 +37 @@
 {
     size_t newCapacity = m_capacity == inlineCapacity ? nonInlineCapacity : m_capacity * 2;
-    JSCell** newSet = static_cast<JSCell**>(OSAllocator::reserveAndCommit(newCapacity * sizeof(JSCell*)));
+    DeprecatedPtr<JSCell>* newSet = static_cast<DeprecatedPtr<JSCell>*>(OSAllocator::reserveAndCommit(newCapacity * sizeof(JSCell*)));
     memcpy(newSet, m_set, m_size * sizeof(JSCell*));
     if (m_set != m_inlineSet)

trunk/Source/JavaScriptCore/runtime/ConservativeSet.h

@@ -50 +50 @@
 
     Heap* m_heap;
-    JSCell** m_set;
+    DeprecatedPtr<JSCell>* m_set;
     size_t m_size;
     size_t m_capacity;
-    JSCell* m_inlineSet[inlineCapacity];
+    DeprecatedPtr<JSCell> m_inlineSet[inlineCapacity];
 };
 
@@ -67 +67 @@
 {
     if (m_set != m_inlineSet)
-        OSAllocator::decommitAndRelease(m_set, m_capacity * sizeof(JSCell*));
+        OSAllocator::decommitAndRelease(m_set, m_capacity * sizeof(DeprecatedPtr<JSCell>*));
 }
 
@@ -73 +73 @@
 {
     for (size_t i = 0; i < m_size; ++i)
-        markStack.append(m_set[i]);
+        markStack.append(&m_set[i]);
 }
 

trunk/Source/JavaScriptCore/runtime/DateConstructor.cpp

@@ -62 +62 @@
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, datePrototype->classInfo()->className))
 {
-      putDirectWithoutTransition(exec->propertyNames().prototype, datePrototype, DontEnum|DontDelete|ReadOnly);
+      putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, datePrototype, DontEnum | DontDelete | ReadOnly);
 
       putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().parse, dateParse), DontEnum);
@@ -68 +68 @@
       putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().now, dateNow), DontEnum);
 
-      putDirectWithoutTransition(exec->propertyNames().length, jsNumber(7), ReadOnly | DontEnum | DontDelete);
+      putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(7), ReadOnly | DontEnum | DontDelete);
 }
 

trunk/Source/JavaScriptCore/runtime/DateInstance.cpp

@@ -35 +35 @@
 const ClassInfo DateInstance::info = {"Date", 0, 0, 0};
 
-DateInstance::DateInstance(ExecState*, NonNullPassRefPtr<Structure> structure)
+DateInstance::DateInstance(ExecState* exec, NonNullPassRefPtr<Structure> structure)
     : JSWrapperObject(structure)
 {
-    setInternalValue(jsNaN());
+    setInternalValue(exec->globalData(), jsNaN());
 }
 
-DateInstance::DateInstance(ExecState*, NonNullPassRefPtr<Structure> structure, double time)
+DateInstance::DateInstance(ExecState* exec, NonNullPassRefPtr<Structure> structure, double time)
     : JSWrapperObject(structure)
 {
-    setInternalValue(jsNumber(timeClip(time)));
+    setInternalValue(exec->globalData(), jsNumber(timeClip(time)));
 }
 
@@ -50 +50 @@
     : JSWrapperObject(exec->lexicalGlobalObject()->dateStructure())
 {
-    setInternalValue(jsNumber(timeClip(time)));
+    setInternalValue(exec->globalData(), jsNumber(timeClip(time)));
 }
 

trunk/Source/JavaScriptCore/runtime/DatePrototype.cpp

@@ -846 +846 @@
     double milli = timeClip(exec->argument(0).toNumber(exec));
     JSValue result = jsNumber(milli);
-    thisDateObj->setInternalValue(result);
+    thisDateObj->setInternalValue(exec->globalData(), result);
     return JSValue::encode(result);
 }
@@ -861 +861 @@
     if (!exec->argumentCount() || isnan(milli)) {
         JSValue result = jsNaN();
-        thisDateObj->setInternalValue(result);
+        thisDateObj->setInternalValue(exec->globalData(), result);
         return JSValue::encode(result);
     }
@@ -878 +878 @@
     if (!fillStructuresUsingTimeArgs(exec, numArgsToUse, &ms, &gregorianDateTime)) {
         JSValue result = jsNaN();
-        thisDateObj->setInternalValue(result);
+        thisDateObj->setInternalValue(exec->globalData(), result);
         return JSValue::encode(result);
     } 
     
     JSValue result = jsNumber(gregorianDateTimeToMS(exec, gregorianDateTime, ms, inputIsUTC));
-    thisDateObj->setInternalValue(result);
+    thisDateObj->setInternalValue(exec->globalData(), result);
     return JSValue::encode(result);
 }
@@ -896 +896 @@
     if (!exec->argumentCount()) {
         JSValue result = jsNaN();
-        thisDateObj->setInternalValue(result);
+        thisDateObj->setInternalValue(exec->globalData(), result);
         return JSValue::encode(result);
     }      
@@ -918 +918 @@
     if (!fillStructuresUsingDateArgs(exec, numArgsToUse, &ms, &gregorianDateTime)) {
         JSValue result = jsNaN();
-        thisDateObj->setInternalValue(result);
+        thisDateObj->setInternalValue(exec->globalData(), result);
         return JSValue::encode(result);
     } 
            
     JSValue result = jsNumber(gregorianDateTimeToMS(exec, gregorianDateTime, ms, inputIsUTC));
-    thisDateObj->setInternalValue(result);
+    thisDateObj->setInternalValue(exec->globalData(), result);
     return JSValue::encode(result);
 }
@@ -1020 +1020 @@
     if (!exec->argumentCount()) { 
         JSValue result = jsNaN();
-        thisDateObj->setInternalValue(result);
+        thisDateObj->setInternalValue(exec->globalData(), result);
         return JSValue::encode(result);
     }
@@ -1042 +1042 @@
     if (!isfinite(year)) {
         JSValue result = jsNaN();
-        thisDateObj->setInternalValue(result);
+        thisDateObj->setInternalValue(exec->globalData(), result);
         return JSValue::encode(result);
     }
@@ -1048 +1048 @@
     gregorianDateTime.year = toInt32((year > 99 || year < 0) ? year - 1900 : year);
     JSValue result = jsNumber(gregorianDateTimeToMS(exec, gregorianDateTime, ms, false));
-    thisDateObj->setInternalValue(result);
+    thisDateObj->setInternalValue(exec->globalData(), result);
     return JSValue::encode(result);
 }

trunk/Source/JavaScriptCore/runtime/ErrorConstructor.cpp

@@ -34 +34 @@
 {
     // ECMA 15.11.3.1 Error.prototype
-    putDirectWithoutTransition(exec->propertyNames().prototype, errorPrototype, DontEnum | DontDelete | ReadOnly);
-    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(1), DontDelete | ReadOnly | DontEnum);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, errorPrototype, DontEnum | DontDelete | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(1), DontDelete | ReadOnly | DontEnum);
 }
 

trunk/Source/JavaScriptCore/runtime/ErrorInstance.cpp

@@ -30 +30 @@
     , m_appendSourceToMessage(false)
 {
-    putDirect(globalData->propertyNames->message, jsString(globalData, ""));
+    putDirect(*globalData, globalData->propertyNames->message, jsString(globalData, ""));
 }
 
@@ -37 +37 @@
     , m_appendSourceToMessage(false)
 {
-    putDirect(globalData->propertyNames->message, jsString(globalData, message));
+    putDirect(*globalData, globalData->propertyNames->message, jsString(globalData, message));
 }
 

trunk/Source/JavaScriptCore/runtime/ErrorPrototype.cpp

@@ -42 +42 @@
     // The constructor will be added later in ErrorConstructor's constructor
 
-    putDirectWithoutTransition(exec->propertyNames().name, jsNontrivialString(exec, "Error"), DontEnum);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().name, jsNontrivialString(exec, "Error"), DontEnum);
     putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().toString, errorProtoFuncToString), DontEnum);
 }

trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp

@@ -41 +41 @@
     : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, functionPrototype->classInfo()->className))
 {
-    putDirectWithoutTransition(exec->propertyNames().prototype, functionPrototype, DontEnum | DontDelete | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, functionPrototype, DontEnum | DontDelete | ReadOnly);
 
     // Number of arguments for constructor
-    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(1), ReadOnly | DontDelete | DontEnum);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(1), ReadOnly | DontDelete | DontEnum);
 }
 

trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp

@@ -42 +42 @@
     : InternalFunction(&exec->globalData(), globalObject, structure, exec->propertyNames().nullIdentifier)
 {
-    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(0), DontDelete | ReadOnly | DontEnum);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(0), DontDelete | ReadOnly | DontEnum);
 }
 

trunk/Source/JavaScriptCore/runtime/GetterSetter.cpp

@@ -34 +34 @@
 
     if (m_getter)
-        markStack.append(m_getter);
+        markStack.append(&m_getter);
     if (m_setter)
-        markStack.append(m_setter);
+        markStack.append(&m_setter);
 }
 

trunk/Source/JavaScriptCore/runtime/GetterSetter.h

@@ -39 +39 @@
         GetterSetter(ExecState* exec)
             : JSCell(exec->globalData().getterSetterStructure.get())
-            , m_getter(0)
-            , m_setter(0)
         {
         }
@@ -46 +44 @@
         virtual void markChildren(MarkStack&);
 
-        JSObject* getter() const { return m_getter; }
-        void setGetter(JSObject* getter) { m_getter = getter; }
-        JSObject* setter() const { return m_setter; }
-        void setSetter(JSObject* setter) { m_setter = setter; }
+        JSObject* getter() const { return m_getter.get(); }
+        void setGetter(JSGlobalData& globalData, JSObject* getter) { m_getter.set(globalData, this, getter); }
+        JSObject* setter() const { return m_setter.get(); }
+        void setSetter(JSGlobalData& globalData, JSObject* setter) { m_setter.set(globalData, this, setter); }
         static PassRefPtr<Structure> createStructure(JSValue prototype)
         {
@@ -57 +55 @@
         virtual bool isGetterSetter() const;
 
-        JSObject* m_getter;
-        JSObject* m_setter;  
+        WriteBarrier<JSObject> m_getter;
+        WriteBarrier<JSObject> m_setter;  
     };
 

trunk/Source/JavaScriptCore/runtime/GlobalEvalFunction.cpp

@@ -35 +35 @@
 GlobalEvalFunction::GlobalEvalFunction(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, int len, const Identifier& name, NativeFunction function, JSGlobalObject* cachedGlobalObject)
     : PrototypeFunction(exec, globalObject, structure, len, name, function)
-    , m_cachedGlobalObject(cachedGlobalObject)
+    , m_cachedGlobalObject(exec->globalData(), this, cachedGlobalObject)
 {
     ASSERT_ARG(cachedGlobalObject, cachedGlobalObject);
@@ -43 +43 @@
 {
     PrototypeFunction::markChildren(markStack);
-    markStack.append(m_cachedGlobalObject);
+    markStack.append(&m_cachedGlobalObject);
 }
 

trunk/Source/JavaScriptCore/runtime/GlobalEvalFunction.h

@@ -34 +34 @@
     public:
         GlobalEvalFunction(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, int len, const Identifier&, NativeFunction, JSGlobalObject* expectedThisObject);
-        JSGlobalObject* cachedGlobalObject() const { return m_cachedGlobalObject; }
+        JSGlobalObject* cachedGlobalObject() const { return m_cachedGlobalObject.get(); }
 
         static PassRefPtr<Structure> createStructure(JSValue prototype) 
@@ -47 +47 @@
         virtual void markChildren(MarkStack&);
 
-        JSGlobalObject* m_cachedGlobalObject;
+        WriteBarrier<JSGlobalObject> m_cachedGlobalObject;
     };
 

trunk/Source/JavaScriptCore/runtime/Heap.cpp

@@ -180 +180 @@
     ProtectCountSet::iterator end = m_protectedValues.end();
     for (ProtectCountSet::iterator it = m_protectedValues.begin(); it != end; ++it)
-        markStack.append(it->first);
+        markStack.deprecatedAppend(&it->first);
 }
 
@@ -205 +205 @@
         for (Vector<ValueStringPair>::iterator vectorIt = tempSortingVector->begin(); vectorIt != vectorEnd; ++vectorIt) {
             if (vectorIt->first)
-                markStack.append(vectorIt->first);
+                markStack.deprecatedAppend(&vectorIt->first);
         }
     }
@@ -256 +256 @@
         MarkedArgumentBuffer::markLists(markStack, *m_markListSet);
     if (m_globalData->exception)
-        markStack.append(m_globalData->exception);
+        markStack.append(&m_globalData->exception);
     if (m_globalData->firstStringifierToMark)
         JSONObject::markStringifiers(markStack, m_globalData->firstStringifierToMark);

trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp

@@ -47 +47 @@
     : JSObjectWithGlobalObject(globalObject, structure)
 {
-    putDirect(globalData->propertyNames->name, jsString(globalData, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);
+    putDirect(*globalData, globalData->propertyNames->name, jsString(globalData, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);
 }
 

trunk/Source/JavaScriptCore/runtime/JSAPIValueWrapper.h

@@ -32 +32 @@
         friend JSValue jsAPIValueWrapper(ExecState*, JSValue);
     public:
-        JSValue value() const { return m_value; }
+        JSValue value() const { return m_value.get(); }
 
         virtual bool isAPIValueWrapper() const { return true; }
@@ -45 +45 @@
         JSAPIValueWrapper(ExecState* exec, JSValue value)
             : JSCell(exec->globalData().apiWrapperStructure.get())
-            , m_value(value)
         {
+            m_value.set(exec->globalData(), this, value);
             ASSERT(!value.isCell());
         }
 
-        JSValue m_value;
+        WriteBarrier<Unknown> m_value;
     };
 

trunk/Source/JavaScriptCore/runtime/JSActivation.cpp

@@ -62 +62 @@
 
     size_t count = numParametersMinusThis;
-    markStack.appendValues(registerArray, count);
+    markStack.deprecatedAppendValues(registerArray, count);
 
     size_t numVars = d()->functionExecutable->capturedVariableCount();
 
     // Skip the call frame, which sits between the parameters and vars.
-    markStack.appendValues(registerArray + count + RegisterFile::CallFrameHeaderSize, numVars, MayContainNullValues);
+    markStack.deprecatedAppendValues(registerArray + count + RegisterFile::CallFrameHeaderSize, numVars, MayContainNullValues);
 }
 
@@ -145 +145 @@
 }
 
-void JSActivation::put(ExecState*, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+void JSActivation::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
 {
     ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
@@ -156 +156 @@
     // expose in the activation object.
     ASSERT(!hasGetterSetterProperties());
-    putDirect(propertyName, value, 0, true, slot);
+    putDirect(exec->globalData(), propertyName, value, 0, true, slot);
 }
 

trunk/Source/JavaScriptCore/runtime/JSArray.cpp

@@ -189 +189 @@
         m_storage->m_length = initialLength;
         m_storage->m_numValuesInVector = 0;
-        JSValue* vector = m_storage->m_vector;
+        WriteBarrier<Unknown>* vector = m_storage->m_vector;
         for (size_t i = 0; i < initialCapacity; ++i)
-            vector[i] = JSValue();
+            vector[i].clear();
     }
 
@@ -199 +199 @@
 }
 
-JSArray::JSArray(NonNullPassRefPtr<Structure> structure, const ArgList& list)
+JSArray::JSArray(JSGlobalData& globalData, NonNullPassRefPtr<Structure> structure, const ArgList& list)
     : JSObject(structure)
 {
@@ -226 +226 @@
 
     size_t i = 0;
-    JSValue* vector = m_storage->m_vector;
+    WriteBarrier<Unknown>* vector = m_storage->m_vector;
     ArgList::const_iterator end = list.end();
     for (ArgList::const_iterator it = list.begin(); it != end; ++it, ++i)
-        vector[i] = *it;
+        vector[i].set(globalData, this, *it);
     for (; i < initialStorage; i++)
-        vector[i] = JSValue();
+        vector[i].clear();
 
     checkConsistency();
@@ -258 +258 @@
 
     if (i < m_vectorLength) {
-        JSValue& valueSlot = storage->m_vector[i];
+        WriteBarrier<Unknown>& valueSlot = storage->m_vector[i];
         if (valueSlot) {
-            slot.setValueSlot(&valueSlot);
+            slot.setValueSlot(valueSlot.slot());
             return true;
         }
@@ -267 +267 @@
             SparseArrayValueMap::iterator it = map->find(i);
             if (it != map->end()) {
-                slot.setValueSlot(&it->second);
+                slot.setValueSlot(it->second.slot());
                 return true;
             }
@@ -306 +306 @@
             return false;
         if (i < m_vectorLength) {
-            JSValue& value = storage->m_vector[i];
+            WriteBarrier<Unknown>& value = storage->m_vector[i];
             if (value) {
-                descriptor.setDescriptor(value, 0);
+                descriptor.setDescriptor(value.get(), 0);
                 return true;
             }
@@ -315 +315 @@
                 SparseArrayValueMap::iterator it = map->find(i);
                 if (it != map->end()) {
-                    descriptor.setDescriptor(it->second, 0);
+                    descriptor.setDescriptor(it->second.get(), 0);
                     return true;
                 }
@@ -360 +360 @@
 
     if (i < m_vectorLength) {
-        JSValue& valueSlot = storage->m_vector[i];
+        WriteBarrier<Unknown>& valueSlot = storage->m_vector[i];
         if (valueSlot) {
-            valueSlot = value;
+            valueSlot.set(exec->globalData(), this, value);
             checkConsistency();
             return;
         }
-        valueSlot = value;
+        valueSlot.set(exec->globalData(), this, value);
         ++storage->m_numValuesInVector;
         checkConsistency();
@@ -396 +396 @@
             }
 
-            pair<SparseArrayValueMap::iterator, bool> result = map->add(i, value);
-            if (!result.second) { // pre-existing entry
-                result.first->second = value;
+            WriteBarrier<Unknown> temp;
+            pair<SparseArrayValueMap::iterator, bool> result = map->add(i, temp);
+            result.first->second.set(exec->globalData(), this, value);
+            if (!result.second) // pre-existing entry
                 return;
-            }
 
             size_t capacity = map->capacity();
@@ -416 +416 @@
         if (increaseVectorLength(i + 1)) {
             storage = m_storage;
-            storage->m_vector[i] = value;
+            storage->m_vector[i].set(exec->globalData(), this, value);
             ++storage->m_numValuesInVector;
             checkConsistency();
@@ -458 +458 @@
     
     unsigned vectorLength = m_vectorLength;
-    JSValue* vector = storage->m_vector;
+    WriteBarrier<Unknown>* vector = storage->m_vector;
 
     if (newNumValuesInVector == storage->m_numValuesInVector + 1) {
         for (unsigned j = vectorLength; j < newVectorLength; ++j)
-            vector[j] = JSValue();
+            vector[j].clear();
         if (i > MIN_SPARSE_ARRAY_INDEX)
             map->remove(i);
     } else {
         for (unsigned j = vectorLength; j < max(vectorLength, MIN_SPARSE_ARRAY_INDEX); ++j)
-            vector[j] = JSValue();
+            vector[j].clear();
+        JSGlobalData& globalData = exec->globalData();
         for (unsigned j = max(vectorLength, MIN_SPARSE_ARRAY_INDEX); j < newVectorLength; ++j)
-            vector[j] = map->take(j);
+            vector[j].set(globalData, this, map->take(j).get());
     }
 
@@ -477 +478 @@
     storage->m_numValuesInVector = newNumValuesInVector;
 
-    storage->m_vector[i] = value;
+    storage->m_vector[i].set(exec->globalData(), this, value);
 
     checkConsistency();
@@ -504 +505 @@
     
     if (i < m_vectorLength) {
-        JSValue& valueSlot = storage->m_vector[i];
+        WriteBarrier<Unknown>& valueSlot = storage->m_vector[i];
         if (!valueSlot) {
             checkConsistency();
             return false;
         }
-        valueSlot = JSValue();
+        valueSlot.clear();
         --storage->m_numValuesInVector;
         checkConsistency();
@@ -606 +607 @@
     m_storage->m_allocBase = baseStorage;
 
-    JSValue* vector = storage->m_vector;
+    WriteBarrier<Unknown>* vector = storage->m_vector;
     for (unsigned i = vectorLength; i < newVectorLength; ++i)
-        vector[i] = JSValue();
+        vector[i].clear();
 
     m_vectorLength = newVectorLength;
@@ -667 +668 @@
         unsigned usedVectorLength = min(length, m_vectorLength);
         for (unsigned i = newLength; i < usedVectorLength; ++i) {
-            JSValue& valueSlot = storage->m_vector[i];
+            WriteBarrier<Unknown>& valueSlot = storage->m_vector[i];
             bool hadValue = valueSlot;
-            valueSlot = JSValue();
+            valueSlot.clear();
             storage->m_numValuesInVector -= hadValue;
         }
@@ -707 +708 @@
 
     if (length < m_vectorLength) {
-        JSValue& valueSlot = storage->m_vector[length];
+        WriteBarrier<Unknown>& valueSlot = storage->m_vector[length];
         if (valueSlot) {
             --storage->m_numValuesInVector;
-            result = valueSlot;
-            valueSlot = JSValue();
+            result = valueSlot.get();
+            valueSlot.clear();
         } else
             result = jsUndefined();
@@ -719 +720 @@
             SparseArrayValueMap::iterator it = map->find(length);
             if (it != map->end()) {
-                result = it->second;
+                result = it->second.get();
                 map->remove(it);
                 if (map->isEmpty()) {
@@ -743 +744 @@
 
     if (storage->m_length < m_vectorLength) {
-        storage->m_vector[storage->m_length] = value;
+        storage->m_vector[storage->m_length].set(exec->globalData(), this, value);
         ++storage->m_numValuesInVector;
         ++storage->m_length;
@@ -755 +756 @@
             if (increaseVectorLength(storage->m_length + 1)) {
                 storage = m_storage;
-                storage->m_vector[storage->m_length] = value;
+                storage->m_vector[storage->m_length].set(exec->globalData(), this, value);
                 ++storage->m_numValuesInVector;
                 ++storage->m_length;
@@ -858 +859 @@
     }
 
-    JSValue* vector = m_storage->m_vector;
+    WriteBarrier<Unknown>* vector = m_storage->m_vector;
     for (int i = 0; i < count; i++)
-        vector[i] = JSValue();
+        vector[i].clear();
 }
 
@@ -942 +943 @@
 
     for (size_t i = 0; i < lengthNotIncludingUndefined; i++) {
-        JSValue value = storage->m_vector[i];
+        JSValue value = storage->m_vector[i].get();
         ASSERT(!value.isUndefined());
         values[i].first = value;
@@ -975 +976 @@
     if (storage->m_length < lengthNotIncludingUndefined)
         storage->m_length = lengthNotIncludingUndefined;
-        
+
+    JSGlobalData& globalData = exec->globalData();
     for (size_t i = 0; i < lengthNotIncludingUndefined; i++)
-        storage->m_vector[i] = values[i].first;
+        storage->m_vector[i].set(globalData, this, values[i].first);
 
     Heap::heap(this)->popTempSortVector(&values);
@@ -1106 +1108 @@
     // Iterate over the array, ignoring missing values, counting undefined ones, and inserting all other ones into the tree.
     for (; numDefined < usedVectorLength; ++numDefined) {
-        JSValue v = storage->m_vector[numDefined];
+        JSValue v = storage->m_vector[numDefined].get();
         if (!v || v.isUndefined())
             break;
@@ -1113 +1115 @@
     }
     for (unsigned i = numDefined; i < usedVectorLength; ++i) {
-        JSValue v = storage->m_vector[i];
+        JSValue v = storage->m_vector[i].get();
         if (v) {
             if (v.isUndefined())
@@ -1141 +1143 @@
         SparseArrayValueMap::iterator end = map->end();
         for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it) {
-            tree.abstractor().m_nodes[numDefined].value = it->second;
+            tree.abstractor().m_nodes[numDefined].value = it->second.get();
             tree.insert(numDefined);
             ++numDefined;
@@ -1158 +1160 @@
     AVLTree<AVLTreeAbstractorForArrayCompare, 44>::Iterator iter;
     iter.start_iter_least(tree);
+    JSGlobalData& globalData = exec->globalData();
     for (unsigned i = 0; i < numDefined; ++i) {
-        storage->m_vector[i] = tree.abstractor().m_nodes[*iter].value;
+        storage->m_vector[i].set(globalData, this, tree.abstractor().m_nodes[*iter].value);
         ++iter;
     }
@@ -1165 +1168 @@
     // Put undefined values back in.
     for (unsigned i = numDefined; i < newUsedVectorLength; ++i)
-        storage->m_vector[i] = jsUndefined();
+        storage->m_vector[i].setUndefined();
 
     // Ensure that unused values in the vector are zeroed out.
     for (unsigned i = newUsedVectorLength; i < usedVectorLength; ++i)
-        storage->m_vector[i] = JSValue();
+        storage->m_vector[i].clear();
 
     storage->m_numValuesInVector = newUsedVectorLength;
@@ -1180 +1183 @@
     ArrayStorage* storage = m_storage;
 
-    JSValue* vector = storage->m_vector;
+    WriteBarrier<Unknown>* vector = storage->m_vector;
     unsigned vectorEnd = min(storage->m_length, m_vectorLength);
     unsigned i = 0;
     for (; i < vectorEnd; ++i) {
-        JSValue& v = vector[i];
+        WriteBarrier<Unknown>& v = vector[i];
         if (!v)
             break;
-        args.append(v);
+        args.append(v.get());
     }
 
@@ -1198 +1201 @@
     ASSERT(m_storage->m_length >= maxSize);
     UNUSED_PARAM(maxSize);
-    JSValue* vector = m_storage->m_vector;
+    WriteBarrier<Unknown>* vector = m_storage->m_vector;
     unsigned vectorEnd = min(maxSize, m_vectorLength);
     unsigned i = 0;
     for (; i < vectorEnd; ++i) {
-        JSValue& v = vector[i];
+        WriteBarrier<Unknown>& v = vector[i];
         if (!v)
             break;
-        buffer[i] = v;
+        buffer[i] = v.get();
     }
 
@@ -1224 +1227 @@
 
     for (; numDefined < usedVectorLength; ++numDefined) {
-        JSValue v = storage->m_vector[numDefined];
+        JSValue v = storage->m_vector[numDefined].get();
         if (!v || v.isUndefined())
             break;
     }
+
     for (unsigned i = numDefined; i < usedVectorLength; ++i) {
-        JSValue v = storage->m_vector[i];
+        JSValue v = storage->m_vector[i].get();
         if (v) {
             if (v.isUndefined())
                 ++numUndefined;
             else
-                storage->m_vector[numDefined++] = v;
+                storage->m_vector[numDefined++].setWithoutWriteBarrier(v);
         }
     }
@@ -1253 +1257 @@
         SparseArrayValueMap::iterator end = map->end();
         for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it)
-            storage->m_vector[numDefined++] = it->second;
+            storage->m_vector[numDefined++].setWithoutWriteBarrier(it->second.get());
 
         delete map;
@@ -1260 +1264 @@
 
     for (unsigned i = numDefined; i < newUsedVectorLength; ++i)
-        storage->m_vector[i] = jsUndefined();
+        storage->m_vector[i].setUndefined();
     for (unsigned i = newUsedVectorLength; i < usedVectorLength; ++i)
-        storage->m_vector[i] = JSValue();
+        storage->m_vector[i].clear();
 
     storage->m_numValuesInVector = newUsedVectorLength;

trunk/Source/JavaScriptCore/runtime/JSArray.h

@@ -28 +28 @@
 namespace JSC {
 
-    typedef HashMap<unsigned, JSValue> SparseArrayValueMap;
+    typedef HashMap<unsigned, WriteBarrier<Unknown> > SparseArrayValueMap;
 
     // This struct holds the actual data values of an array.  A JSArray object points to it's contained ArrayStorage
@@ -45 +45 @@
         bool m_inCompactInitialization;
 #endif
-        JSValue m_vector[1];
+        WriteBarrier<Unknown> m_vector[1];
     };
 
@@ -68 +68 @@
         explicit JSArray(NonNullPassRefPtr<Structure>);
         JSArray(NonNullPassRefPtr<Structure>, unsigned initialLength, ArrayCreationMode);
-        JSArray(NonNullPassRefPtr<Structure>, const ArgList& initialValues);
+        JSArray(JSGlobalData&, NonNullPassRefPtr<Structure>, const ArgList& initialValues);
         virtual ~JSArray();
 
@@ -95 +95 @@
         {
             ASSERT(canGetIndex(i));
-            return m_storage->m_vector[i];
+            return m_storage->m_vector[i].get();
         }
 
         bool canSetIndex(unsigned i) { return i < m_vectorLength; }
-        void setIndex(unsigned i, JSValue v)
+        void setIndex(JSGlobalData& globalData, unsigned i, JSValue v)
         {
             ASSERT(canSetIndex(i));
             
-            JSValue& x = m_storage->m_vector[i];
+            WriteBarrier<Unknown>& x = m_storage->m_vector[i];
             if (!x) {
                 ArrayStorage *storage = m_storage;
@@ -110 +110 @@
                     storage->m_length = i + 1;
             }
-            x = v;
-        }
-        
-        void uncheckedSetIndex(unsigned i, JSValue v)
+            x.set(globalData, this, v);
+        }
+        
+        void uncheckedSetIndex(JSGlobalData& globalData, unsigned i, JSValue v)
         {
             ASSERT(canSetIndex(i));
@@ -120 +120 @@
             ASSERT(storage->m_inCompactInitialization);
 #endif
-            storage->m_vector[i] = v;
+            storage->m_vector[i].set(globalData, this, v);
         }
 
@@ -195 +195 @@
             SparseArrayValueMap::iterator end = map->end();
             for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it)
-                markStack.append(it->second);
+                markStack.append(&it->second);
         }
     }

trunk/Source/JavaScriptCore/runtime/JSByteArray.cpp

@@ -41 +41 @@
     , m_classInfo(classInfo)
 {
-    putDirect(exec->globalData().propertyNames->length, jsNumber(m_storage->length()), ReadOnly | DontDelete);
+    putDirect(exec->globalData(), exec->globalData().propertyNames->length, jsNumber(m_storage->length()), ReadOnly | DontDelete);
 }
 

trunk/Source/JavaScriptCore/runtime/JSCell.h

@@ -337 +337 @@
         return isCell() ? asCell()->toThisObject(exec) : toThisObjectSlowCase(exec);
     }
-
-    ALWAYS_INLINE void MarkStack::append(JSCell* cell)
+    
+    template <typename T> void MarkStack::append(DeprecatedPtr<T>* slot)
+    {
+        internalAppend(slot->get());
+    }
+    
+    template <typename T> void MarkStack::append(WriteBarrierBase<T>* slot)
+    {
+        internalAppend(slot->get());
+    }
+
+    ALWAYS_INLINE void MarkStack::internalAppend(JSCell* cell)
     {
         ASSERT(!m_isCheckingForDefaultMarkViolation);
@@ -348 +358 @@
     }
 
-    ALWAYS_INLINE void MarkStack::append(JSValue value)
+    ALWAYS_INLINE void MarkStack::deprecatedAppend(JSCell** value)
+    {
+        ASSERT(value);
+        internalAppend(*value);
+    }
+
+    ALWAYS_INLINE void MarkStack::deprecatedAppend(JSValue* value)
+    {
+        ASSERT(value);
+        internalAppend(*value);
+    }
+    
+    ALWAYS_INLINE void MarkStack::deprecatedAppend(Register* value)
+    {
+        ASSERT(value);
+        internalAppend(value->jsValue());
+    }
+
+    ALWAYS_INLINE void MarkStack::internalAppend(JSValue value)
     {
         ASSERT(value);
         if (value.isCell())
-            append(value.asCell());
+            internalAppend(value.asCell());
     }
 

trunk/Source/JavaScriptCore/runtime/JSFunction.cpp

@@ -72 +72 @@
     , m_scopeChain(globalObject->globalScopeChain())
 {
-    putDirect(exec->globalData().propertyNames->name, jsString(exec, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);
-    putDirect(exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
+    putDirect(exec->globalData(), exec->globalData().propertyNames->name, jsString(exec, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);
+    putDirect(exec->globalData(), exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
 }
 #endif
@@ -84 +84 @@
     , m_scopeChain(globalObject->globalScopeChain())
 {
-    putDirect(exec->globalData().propertyNames->name, jsString(exec, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);
-#if ENABLE(JIT)
-    putDirect(exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
+    putDirect(exec->globalData(), exec->globalData().propertyNames->name, jsString(exec, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);
+#if ENABLE(JIT)
+    putDirect(exec->globalData(), exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
 #else
     UNUSED_PARAM(length);
@@ -100 +100 @@
 {
     const Identifier& name = static_cast<FunctionExecutable*>(m_executable.get())->name();
-    putDirect(exec->globalData().propertyNames->name, jsString(exec, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);
+    putDirect(exec->globalData(), exec->globalData().propertyNames->name, jsString(exec, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);
 }
 
@@ -208 +208 @@
         if (!location) {
             JSObject* prototype = new (exec) JSObject(scope().globalObject()->emptyObjectStructure());
-            prototype->putDirect(exec->propertyNames().constructor, this, DontEnum);
-            putDirect(exec->propertyNames().prototype, prototype, DontDelete | DontEnum);
+            prototype->putDirect(exec->globalData(), exec->propertyNames().constructor, this, DontEnum);
+            putDirect(exec->globalData(), exec->propertyNames().prototype, prototype, DontDelete | DontEnum);
             location = getDirectLocation(propertyName);
         }

trunk/Source/JavaScriptCore/runtime/JSGlobalData.h

@@ -204 +204 @@
         Heap heap;
 
-        JSValue exception;
+        DeprecatedPtr<Unknown> exception;
 #if ENABLE(JIT)
         ReturnAddressPtr exceptionLocation;

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -81 +81 @@
 static const int preferredScriptCheckTimeInterval = 1000;
 
-static inline void markIfNeeded(MarkStack& markStack, JSValue v)
-{
-    if (v)
+template <typename T> static inline void markIfNeeded(MarkStack& markStack, WriteBarrier<T>* v)
+{
+    if (*v)
         markStack.append(v);
 }
@@ -89 +89 @@
 static inline void markIfNeeded(MarkStack& markStack, const RefPtr<Structure>& s)
 {
-    if (s)
-        markIfNeeded(markStack, s->storedPrototype());
+    if (s && s->storedPrototype())
+        markStack.append(s->storedPrototypeSlot());
 }
 
@@ -203 +203 @@
     // Prototypes
 
-    d()->functionPrototype = new (exec) FunctionPrototype(exec, this, FunctionPrototype::createStructure(jsNull())); // The real prototype will be set once ObjectPrototype is created.
-    d()->prototypeFunctionStructure = PrototypeFunction::createStructure(d()->functionPrototype);
-    d()->internalFunctionStructure = InternalFunction::createStructure(d()->functionPrototype);
+    d()->functionPrototype.set(exec->globalData(), this, new (exec) FunctionPrototype(exec, this, FunctionPrototype::createStructure(jsNull()))); // The real prototype will be set once ObjectPrototype is created.
+    d()->prototypeFunctionStructure = PrototypeFunction::createStructure(d()->functionPrototype.get());
+    d()->internalFunctionStructure = InternalFunction::createStructure(d()->functionPrototype.get());
     NativeFunctionWrapper* callFunction = 0;
     NativeFunctionWrapper* applyFunction = 0;
     d()->functionPrototype->addFunctionProperties(exec, this, d()->prototypeFunctionStructure.get(), &callFunction, &applyFunction);
-    d()->callFunction = callFunction;
-    d()->applyFunction = applyFunction;
-    d()->objectPrototype = new (exec) ObjectPrototype(exec, this, ObjectPrototype::createStructure(jsNull()), d()->prototypeFunctionStructure.get());
-    d()->functionPrototype->structure()->setPrototypeWithoutTransition(d()->objectPrototype);
+    d()->callFunction.set(exec->globalData(), this, callFunction);
+    d()->applyFunction.set(exec->globalData(), this, applyFunction);
+    d()->objectPrototype.set(exec->globalData(), this, new (exec) ObjectPrototype(exec, this, ObjectPrototype::createStructure(jsNull()), d()->prototypeFunctionStructure.get()));
+    d()->functionPrototype->structure()->setPrototypeWithoutTransition(d()->objectPrototype.get());
 
     d()->emptyObjectStructure = d()->objectPrototype->inheritorID();
 
-    d()->functionStructure = JSFunction::createStructure(d()->functionPrototype);
-    d()->callbackFunctionStructure = JSCallbackFunction::createStructure(d()->functionPrototype);
-    d()->argumentsStructure = Arguments::createStructure(d()->objectPrototype);
-    d()->callbackConstructorStructure = JSCallbackConstructor::createStructure(d()->objectPrototype);
-    d()->callbackObjectStructure = JSCallbackObject<JSObjectWithGlobalObject>::createStructure(d()->objectPrototype);
-
-    d()->arrayPrototype = new (exec) ArrayPrototype(this, ArrayPrototype::createStructure(d()->objectPrototype));
-    d()->arrayStructure = JSArray::createStructure(d()->arrayPrototype);
-    d()->regExpMatchesArrayStructure = RegExpMatchesArray::createStructure(d()->arrayPrototype);
-
-    d()->stringPrototype = new (exec) StringPrototype(exec, this, StringPrototype::createStructure(d()->objectPrototype));
-    d()->stringObjectStructure = StringObject::createStructure(d()->stringPrototype);
-
-    d()->booleanPrototype = new (exec) BooleanPrototype(exec, this, BooleanPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
-    d()->booleanObjectStructure = BooleanObject::createStructure(d()->booleanPrototype);
-
-    d()->numberPrototype = new (exec) NumberPrototype(exec, this, NumberPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
-    d()->numberObjectStructure = NumberObject::createStructure(d()->numberPrototype);
-
-    d()->datePrototype = new (exec) DatePrototype(exec, this, DatePrototype::createStructure(d()->objectPrototype));
-    d()->dateStructure = DateInstance::createStructure(d()->datePrototype);
-
-    d()->regExpPrototype = new (exec) RegExpPrototype(exec, this, RegExpPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
-    d()->regExpStructure = RegExpObject::createStructure(d()->regExpPrototype);
-
-    d()->methodCallDummy = constructEmptyObject(exec);
-
-    ErrorPrototype* errorPrototype = new (exec) ErrorPrototype(exec, this, ErrorPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
+    d()->functionStructure = JSFunction::createStructure(d()->functionPrototype.get());
+    d()->callbackFunctionStructure = JSCallbackFunction::createStructure(d()->functionPrototype.get());
+    d()->argumentsStructure = Arguments::createStructure(d()->objectPrototype.get());
+    d()->callbackConstructorStructure = JSCallbackConstructor::createStructure(d()->objectPrototype.get());
+    d()->callbackObjectStructure = JSCallbackObject<JSObjectWithGlobalObject>::createStructure(d()->objectPrototype.get());
+
+    d()->arrayPrototype.set(exec->globalData(), this, new (exec) ArrayPrototype(this, ArrayPrototype::createStructure(d()->objectPrototype.get())));
+    d()->arrayStructure = JSArray::createStructure(d()->arrayPrototype.get());
+    d()->regExpMatchesArrayStructure = RegExpMatchesArray::createStructure(d()->arrayPrototype.get());
+
+    d()->stringPrototype.set(exec->globalData(), this, new (exec) StringPrototype(exec, this, StringPrototype::createStructure(d()->objectPrototype.get())));
+    d()->stringObjectStructure = StringObject::createStructure(d()->stringPrototype.get());
+
+    d()->booleanPrototype.set(exec->globalData(), this, new (exec) BooleanPrototype(exec, this, BooleanPrototype::createStructure(d()->objectPrototype.get()), d()->prototypeFunctionStructure.get()));
+    d()->booleanObjectStructure = BooleanObject::createStructure(d()->booleanPrototype.get());
+
+    d()->numberPrototype.set(exec->globalData(), this, new (exec) NumberPrototype(exec, this, NumberPrototype::createStructure(d()->objectPrototype.get()), d()->prototypeFunctionStructure.get()));
+    d()->numberObjectStructure = NumberObject::createStructure(d()->numberPrototype.get());
+
+    d()->datePrototype.set(exec->globalData(), this, new (exec) DatePrototype(exec, this, DatePrototype::createStructure(d()->objectPrototype.get())));
+    d()->dateStructure = DateInstance::createStructure(d()->datePrototype.get());
+
+    d()->regExpPrototype.set(exec->globalData(), this, new (exec) RegExpPrototype(exec, this, RegExpPrototype::createStructure(d()->objectPrototype.get()), d()->prototypeFunctionStructure.get()));
+    d()->regExpStructure = RegExpObject::createStructure(d()->regExpPrototype.get());
+
+    d()->methodCallDummy.set(exec->globalData(), this, constructEmptyObject(exec));
+
+    ErrorPrototype* errorPrototype = new (exec) ErrorPrototype(exec, this, ErrorPrototype::createStructure(d()->objectPrototype.get()), d()->prototypeFunctionStructure.get());
     d()->errorStructure = ErrorInstance::createStructure(errorPrototype);
 
     // Constructors
 
-    JSCell* objectConstructor = new (exec) ObjectConstructor(exec, this, ObjectConstructor::createStructure(d()->functionPrototype), d()->objectPrototype, d()->prototypeFunctionStructure.get());
-    JSCell* functionConstructor = new (exec) FunctionConstructor(exec, this, FunctionConstructor::createStructure(d()->functionPrototype), d()->functionPrototype);
-    JSCell* arrayConstructor = new (exec) ArrayConstructor(exec, this, ArrayConstructor::createStructure(d()->functionPrototype), d()->arrayPrototype, d()->prototypeFunctionStructure.get());
-    JSCell* stringConstructor = new (exec) StringConstructor(exec, this, StringConstructor::createStructure(d()->functionPrototype), d()->prototypeFunctionStructure.get(), d()->stringPrototype);
-    JSCell* booleanConstructor = new (exec) BooleanConstructor(exec, this, BooleanConstructor::createStructure(d()->functionPrototype), d()->booleanPrototype);
-    JSCell* numberConstructor = new (exec) NumberConstructor(exec, this, NumberConstructor::createStructure(d()->functionPrototype), d()->numberPrototype);
-    JSCell* dateConstructor = new (exec) DateConstructor(exec, this, DateConstructor::createStructure(d()->functionPrototype), d()->prototypeFunctionStructure.get(), d()->datePrototype);
-
-    d()->regExpConstructor = new (exec) RegExpConstructor(exec, this, RegExpConstructor::createStructure(d()->functionPrototype), d()->regExpPrototype);
-
-    d()->errorConstructor = new (exec) ErrorConstructor(exec, this, ErrorConstructor::createStructure(d()->functionPrototype), errorPrototype);
+    JSCell* objectConstructor = new (exec) ObjectConstructor(exec, this, ObjectConstructor::createStructure(d()->functionPrototype.get()), d()->objectPrototype.get(), d()->prototypeFunctionStructure.get());
+    JSCell* functionConstructor = new (exec) FunctionConstructor(exec, this, FunctionConstructor::createStructure(d()->functionPrototype.get()), d()->functionPrototype.get());
+    JSCell* arrayConstructor = new (exec) ArrayConstructor(exec, this, ArrayConstructor::createStructure(d()->functionPrototype.get()), d()->arrayPrototype.get(), d()->prototypeFunctionStructure.get());
+    JSCell* stringConstructor = new (exec) StringConstructor(exec, this, StringConstructor::createStructure(d()->functionPrototype.get()), d()->prototypeFunctionStructure.get(), d()->stringPrototype.get());
+    JSCell* booleanConstructor = new (exec) BooleanConstructor(exec, this, BooleanConstructor::createStructure(d()->functionPrototype.get()), d()->booleanPrototype.get());
+    JSCell* numberConstructor = new (exec) NumberConstructor(exec, this, NumberConstructor::createStructure(d()->functionPrototype.get()), d()->numberPrototype.get());
+    JSCell* dateConstructor = new (exec) DateConstructor(exec, this, DateConstructor::createStructure(d()->functionPrototype.get()), d()->prototypeFunctionStructure.get(), d()->datePrototype.get());
+
+    d()->regExpConstructor.set(exec->globalData(), this, new (exec) RegExpConstructor(exec, this, RegExpConstructor::createStructure(d()->functionPrototype.get()), d()->regExpPrototype.get()));
+
+    d()->errorConstructor.set(exec->globalData(), this, new (exec) ErrorConstructor(exec, this, ErrorConstructor::createStructure(d()->functionPrototype.get()), errorPrototype));
 
     RefPtr<Structure> nativeErrorPrototypeStructure = NativeErrorPrototype::createStructure(errorPrototype);
-    RefPtr<Structure> nativeErrorStructure = NativeErrorConstructor::createStructure(d()->functionPrototype);
-    d()->evalErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "EvalError");
-    d()->rangeErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "RangeError");
-    d()->referenceErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "ReferenceError");
-    d()->syntaxErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "SyntaxError");
-    d()->typeErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "TypeError");
-    d()->URIErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "URIError");
-
-    d()->objectPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, objectConstructor, DontEnum);
-    d()->functionPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, functionConstructor, DontEnum);
-    d()->arrayPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, arrayConstructor, DontEnum);
-    d()->booleanPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, booleanConstructor, DontEnum);
-    d()->stringPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, stringConstructor, DontEnum);
-    d()->numberPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, numberConstructor, DontEnum);
-    d()->datePrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, dateConstructor, DontEnum);
-    d()->regExpPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, d()->regExpConstructor, DontEnum);
-    errorPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, d()->errorConstructor, DontEnum);
+    RefPtr<Structure> nativeErrorStructure = NativeErrorConstructor::createStructure(d()->functionPrototype.get());
+    d()->evalErrorConstructor.set(exec->globalData(), this, new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "EvalError"));
+    d()->rangeErrorConstructor.set(exec->globalData(), this, new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "RangeError"));
+    d()->referenceErrorConstructor.set(exec->globalData(), this, new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "ReferenceError"));
+    d()->syntaxErrorConstructor.set(exec->globalData(), this, new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "SyntaxError"));
+    d()->typeErrorConstructor.set(exec->globalData(), this, new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "TypeError"));
+    d()->URIErrorConstructor.set(exec->globalData(), this, new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, nativeErrorPrototypeStructure, "URIError"));
+
+    d()->objectPrototype->putDirectFunctionWithoutTransition(exec->globalData(), exec->propertyNames().constructor, objectConstructor, DontEnum);
+    d()->functionPrototype->putDirectFunctionWithoutTransition(exec->globalData(), exec->propertyNames().constructor, functionConstructor, DontEnum);
+    d()->arrayPrototype->putDirectFunctionWithoutTransition(exec->globalData(), exec->propertyNames().constructor, arrayConstructor, DontEnum);
+    d()->booleanPrototype->putDirectFunctionWithoutTransition(exec->globalData(), exec->propertyNames().constructor, booleanConstructor, DontEnum);
+    d()->stringPrototype->putDirectFunctionWithoutTransition(exec->globalData(), exec->propertyNames().constructor, stringConstructor, DontEnum);
+    d()->numberPrototype->putDirectFunctionWithoutTransition(exec->globalData(), exec->propertyNames().constructor, numberConstructor, DontEnum);
+    d()->datePrototype->putDirectFunctionWithoutTransition(exec->globalData(), exec->propertyNames().constructor, dateConstructor, DontEnum);
+    d()->regExpPrototype->putDirectFunctionWithoutTransition(exec->globalData(), exec->propertyNames().constructor, d()->regExpConstructor.get(), DontEnum);
+    errorPrototype->putDirectFunctionWithoutTransition(exec->globalData(), exec->propertyNames().constructor, d()->errorConstructor.get(), DontEnum);
 
     // Set global constructors
@@ -283 +283 @@
     // FIXME: These properties could be handled by a static hash table.
 
-    putDirectFunctionWithoutTransition(Identifier(exec, "Object"), objectConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "Function"), functionConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "Array"), arrayConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "Boolean"), booleanConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "String"), stringConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "Number"), numberConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "Date"), dateConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "RegExp"), d()->regExpConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "Error"), d()->errorConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "EvalError"), d()->evalErrorConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "RangeError"), d()->rangeErrorConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "ReferenceError"), d()->referenceErrorConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "SyntaxError"), d()->syntaxErrorConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "TypeError"), d()->typeErrorConstructor, DontEnum);
-    putDirectFunctionWithoutTransition(Identifier(exec, "URIError"), d()->URIErrorConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "Object"), objectConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "Function"), functionConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "Array"), arrayConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "Boolean"), booleanConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "String"), stringConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "Number"), numberConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "Date"), dateConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "RegExp"), d()->regExpConstructor.get(), DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "Error"), d()->errorConstructor.get(), DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "EvalError"), d()->evalErrorConstructor.get(), DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "RangeError"), d()->rangeErrorConstructor.get(), DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "ReferenceError"), d()->referenceErrorConstructor.get(), DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "SyntaxError"), d()->syntaxErrorConstructor.get(), DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "TypeError"), d()->typeErrorConstructor.get(), DontEnum);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, "URIError"), d()->URIErrorConstructor.get(), DontEnum);
 
     // Set global values.
     GlobalPropertyInfo staticGlobals[] = {
-        GlobalPropertyInfo(Identifier(exec, "Math"), new (exec) MathObject(exec, this, MathObject::createStructure(d()->objectPrototype)), DontEnum | DontDelete),
+        GlobalPropertyInfo(Identifier(exec, "Math"), new (exec) MathObject(exec, this, MathObject::createStructure(d()->objectPrototype.get())), DontEnum | DontDelete),
         GlobalPropertyInfo(Identifier(exec, "NaN"), jsNaN(), DontEnum | DontDelete | ReadOnly),
         GlobalPropertyInfo(Identifier(exec, "Infinity"), jsNumber(Inf), DontEnum | DontDelete | ReadOnly),
         GlobalPropertyInfo(Identifier(exec, "undefined"), jsUndefined(), DontEnum | DontDelete | ReadOnly),
-        GlobalPropertyInfo(Identifier(exec, "JSON"), new (exec) JSONObject(this, JSONObject::createStructure(d()->objectPrototype)), DontEnum | DontDelete)
+        GlobalPropertyInfo(Identifier(exec, "JSON"), new (exec) JSONObject(this, JSONObject::createStructure(d()->objectPrototype.get())), DontEnum | DontDelete)
     };
 
@@ -312 +312 @@
     // Set global functions.
 
-    d()->evalFunction = new (exec) GlobalEvalFunction(exec, this, GlobalEvalFunction::createStructure(d()->functionPrototype), 1, exec->propertyNames().eval, globalFuncEval, this);
-    putDirectFunctionWithoutTransition(exec, d()->evalFunction, DontEnum);
+    d()->evalFunction.set(exec->globalData(), this, new (exec) GlobalEvalFunction(exec, this, GlobalEvalFunction::createStructure(d()->functionPrototype.get()), 1, exec->propertyNames().eval, globalFuncEval, this));
+    putDirectFunctionWithoutTransition(exec, d()->evalFunction.get(), DontEnum);
     putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 2, Identifier(exec, "parseInt"), globalFuncParseInt), DontEnum);
     putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "parseFloat"), globalFuncParseFloat), DontEnum);
@@ -337 +337 @@
 
     JSObject* oldLastInPrototypeChain = lastInPrototypeChain(this);
-    JSObject* objectPrototype = d()->objectPrototype;
+    JSObject* objectPrototype = d()->objectPrototype.get();
     if (oldLastInPrototypeChain != objectPrototype)
         oldLastInPrototypeChain->setPrototype(objectPrototype);
@@ -350 +350 @@
         (*it)->markAggregate(markStack);
 
-    markIfNeeded(markStack, d()->regExpConstructor);
-    markIfNeeded(markStack, d()->errorConstructor);
-    markIfNeeded(markStack, d()->evalErrorConstructor);
-    markIfNeeded(markStack, d()->rangeErrorConstructor);
-    markIfNeeded(markStack, d()->referenceErrorConstructor);
-    markIfNeeded(markStack, d()->syntaxErrorConstructor);
-    markIfNeeded(markStack, d()->typeErrorConstructor);
-    markIfNeeded(markStack, d()->URIErrorConstructor);
-
-    markIfNeeded(markStack, d()->evalFunction);
-    markIfNeeded(markStack, d()->callFunction);
-    markIfNeeded(markStack, d()->applyFunction);
-
-    markIfNeeded(markStack, d()->objectPrototype);
-    markIfNeeded(markStack, d()->functionPrototype);
-    markIfNeeded(markStack, d()->arrayPrototype);
-    markIfNeeded(markStack, d()->booleanPrototype);
-    markIfNeeded(markStack, d()->stringPrototype);
-    markIfNeeded(markStack, d()->numberPrototype);
-    markIfNeeded(markStack, d()->datePrototype);
-    markIfNeeded(markStack, d()->regExpPrototype);
-
-    markIfNeeded(markStack, d()->methodCallDummy);
+    markIfNeeded(markStack, &d()->regExpConstructor);
+    markIfNeeded(markStack, &d()->errorConstructor);
+    markIfNeeded(markStack, &d()->evalErrorConstructor);
+    markIfNeeded(markStack, &d()->rangeErrorConstructor);
+    markIfNeeded(markStack, &d()->referenceErrorConstructor);
+    markIfNeeded(markStack, &d()->syntaxErrorConstructor);
+    markIfNeeded(markStack, &d()->typeErrorConstructor);
+    markIfNeeded(markStack, &d()->URIErrorConstructor);
+
+    markIfNeeded(markStack, &d()->evalFunction);
+    markIfNeeded(markStack, &d()->callFunction);
+    markIfNeeded(markStack, &d()->applyFunction);
+
+    markIfNeeded(markStack, &d()->objectPrototype);
+    markIfNeeded(markStack, &d()->functionPrototype);
+    markIfNeeded(markStack, &d()->arrayPrototype);
+    markIfNeeded(markStack, &d()->booleanPrototype);
+    markIfNeeded(markStack, &d()->stringPrototype);
+    markIfNeeded(markStack, &d()->numberPrototype);
+    markIfNeeded(markStack, &d()->datePrototype);
+    markIfNeeded(markStack, &d()->regExpPrototype);
+
+    markIfNeeded(markStack, &d()->methodCallDummy);
 
     markIfNeeded(markStack, d()->errorStructure);
@@ -397 +397 @@
         // Outside the execution of global code, when our variables are torn off,
         // we can mark the torn-off array.
-        markStack.appendValues(d()->registerArray.get(), d()->registerArraySize);
+        markStack.deprecatedAppendValues(d()->registerArray.get(), d()->registerArraySize);
     } else if (d()->registers) {
         // During execution of global code, when our variables are in the register file,
         // the symbol table tells us how many variables there are, and registers
         // points to where they end, and the registers used for execution begin.
-        markStack.appendValues(d()->registers - symbolTable().size(), symbolTable().size());
+        markStack.deprecatedAppendValues(d()->registers - symbolTable().size(), symbolTable().size());
     }
 }

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -74 +74 @@
                 , registerArraySize(0)
                 , globalScopeChain(NoScopeChain())
-                , regExpConstructor(0)
-                , errorConstructor(0)
-                , evalErrorConstructor(0)
-                , rangeErrorConstructor(0)
-                , referenceErrorConstructor(0)
-                , syntaxErrorConstructor(0)
-                , typeErrorConstructor(0)
-                , URIErrorConstructor(0)
-                , evalFunction(0)
-                , callFunction(0)
-                , applyFunction(0)
-                , objectPrototype(0)
-                , functionPrototype(0)
-                , arrayPrototype(0)
-                , booleanPrototype(0)
-                , stringPrototype(0)
-                , numberPrototype(0)
-                , datePrototype(0)
-                , regExpPrototype(0)
-                , methodCallDummy(0)
                 , weakRandom(static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
             {
@@ -110 +90 @@
             Register globalCallFrame[RegisterFile::CallFrameHeaderSize];
 
-            RegExpConstructor* regExpConstructor;
-            ErrorConstructor* errorConstructor;
-            NativeErrorConstructor* evalErrorConstructor;
-            NativeErrorConstructor* rangeErrorConstructor;
-            NativeErrorConstructor* referenceErrorConstructor;
-            NativeErrorConstructor* syntaxErrorConstructor;
-            NativeErrorConstructor* typeErrorConstructor;
-            NativeErrorConstructor* URIErrorConstructor;
-
-            GlobalEvalFunction* evalFunction;
-            NativeFunctionWrapper* callFunction;
-            NativeFunctionWrapper* applyFunction;
-
-            ObjectPrototype* objectPrototype;
-            FunctionPrototype* functionPrototype;
-            ArrayPrototype* arrayPrototype;
-            BooleanPrototype* booleanPrototype;
-            StringPrototype* stringPrototype;
-            NumberPrototype* numberPrototype;
-            DatePrototype* datePrototype;
-            RegExpPrototype* regExpPrototype;
-
-            JSObject* methodCallDummy;
+            WriteBarrier<RegExpConstructor> regExpConstructor;
+            WriteBarrier<ErrorConstructor> errorConstructor;
+            WriteBarrier<NativeErrorConstructor> evalErrorConstructor;
+            WriteBarrier<NativeErrorConstructor> rangeErrorConstructor;
+            WriteBarrier<NativeErrorConstructor> referenceErrorConstructor;
+            WriteBarrier<NativeErrorConstructor> syntaxErrorConstructor;
+            WriteBarrier<NativeErrorConstructor> typeErrorConstructor;
+            WriteBarrier<NativeErrorConstructor> URIErrorConstructor;
+
+            WriteBarrier<GlobalEvalFunction> evalFunction;
+            WriteBarrier<NativeFunctionWrapper> callFunction;
+            WriteBarrier<NativeFunctionWrapper> applyFunction;
+
+            WriteBarrier<ObjectPrototype> objectPrototype;
+            WriteBarrier<FunctionPrototype> functionPrototype;
+            WriteBarrier<ArrayPrototype> arrayPrototype;
+            WriteBarrier<BooleanPrototype> booleanPrototype;
+            WriteBarrier<StringPrototype> stringPrototype;
+            WriteBarrier<NumberPrototype> numberPrototype;
+            WriteBarrier<DatePrototype> datePrototype;
+            WriteBarrier<RegExpPrototype> regExpPrototype;
+
+            WriteBarrier<JSObject> methodCallDummy;
 
             RefPtr<Structure> argumentsStructure;
@@ -210 +190 @@
         // replaces the global object's associated property.
 
-        RegExpConstructor* regExpConstructor() const { return d()->regExpConstructor; }
-
-        ErrorConstructor* errorConstructor() const { return d()->errorConstructor; }
-        NativeErrorConstructor* evalErrorConstructor() const { return d()->evalErrorConstructor; }
-        NativeErrorConstructor* rangeErrorConstructor() const { return d()->rangeErrorConstructor; }
-        NativeErrorConstructor* referenceErrorConstructor() const { return d()->referenceErrorConstructor; }
-        NativeErrorConstructor* syntaxErrorConstructor() const { return d()->syntaxErrorConstructor; }
-        NativeErrorConstructor* typeErrorConstructor() const { return d()->typeErrorConstructor; }
-        NativeErrorConstructor* URIErrorConstructor() const { return d()->URIErrorConstructor; }
-
-        GlobalEvalFunction* evalFunction() const { return d()->evalFunction; }
-
-        ObjectPrototype* objectPrototype() const { return d()->objectPrototype; }
-        FunctionPrototype* functionPrototype() const { return d()->functionPrototype; }
-        ArrayPrototype* arrayPrototype() const { return d()->arrayPrototype; }
-        BooleanPrototype* booleanPrototype() const { return d()->booleanPrototype; }
-        StringPrototype* stringPrototype() const { return d()->stringPrototype; }
-        NumberPrototype* numberPrototype() const { return d()->numberPrototype; }
-        DatePrototype* datePrototype() const { return d()->datePrototype; }
-        RegExpPrototype* regExpPrototype() const { return d()->regExpPrototype; }
-
-        JSObject* methodCallDummy() const { return d()->methodCallDummy; }
+        RegExpConstructor* regExpConstructor() const { return d()->regExpConstructor.get(); }
+
+        ErrorConstructor* errorConstructor() const { return d()->errorConstructor.get(); }
+        NativeErrorConstructor* evalErrorConstructor() const { return d()->evalErrorConstructor.get(); }
+        NativeErrorConstructor* rangeErrorConstructor() const { return d()->rangeErrorConstructor.get(); }
+        NativeErrorConstructor* referenceErrorConstructor() const { return d()->referenceErrorConstructor.get(); }
+        NativeErrorConstructor* syntaxErrorConstructor() const { return d()->syntaxErrorConstructor.get(); }
+        NativeErrorConstructor* typeErrorConstructor() const { return d()->typeErrorConstructor.get(); }
+        NativeErrorConstructor* URIErrorConstructor() const { return d()->URIErrorConstructor.get(); }
+
+        GlobalEvalFunction* evalFunction() const { return d()->evalFunction.get(); }
+
+        ObjectPrototype* objectPrototype() const { return d()->objectPrototype.get(); }
+        FunctionPrototype* functionPrototype() const { return d()->functionPrototype.get(); }
+        ArrayPrototype* arrayPrototype() const { return d()->arrayPrototype.get(); }
+        BooleanPrototype* booleanPrototype() const { return d()->booleanPrototype.get(); }
+        StringPrototype* stringPrototype() const { return d()->stringPrototype.get(); }
+        NumberPrototype* numberPrototype() const { return d()->numberPrototype.get(); }
+        DatePrototype* datePrototype() const { return d()->datePrototype.get(); }
+        RegExpPrototype* regExpPrototype() const { return d()->regExpPrototype.get(); }
+
+        JSObject* methodCallDummy() const { return d()->methodCallDummy.get(); }
 
         Structure* argumentsStructure() const { return d()->argumentsStructure.get(); }
@@ -386 +366 @@
     {
         if (typeInfo().type() == ObjectType)
-            return m_prototype;
+            return m_prototype.get();
 
         ASSERT(typeInfo().type() == StringType);
@@ -458 +438 @@
         MarkedArgumentBuffer values;
         values.append(singleItemValue);
-        return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), values);
+        return new (exec) JSArray(exec->globalData(), exec->lexicalGlobalObject()->arrayStructure(), values);
     }
 
     inline JSArray* constructArray(ExecState* exec, const ArgList& values)
     {
-        return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), values);
+        return new (exec) JSArray(exec->globalData(), exec->lexicalGlobalObject()->arrayStructure(), values);
     }
 

trunk/Source/JavaScriptCore/runtime/JSONObject.cpp

@@ -85 +85 @@
         Holder(JSObject*);
 
-        JSObject* object() const { return m_object; }
+        JSObject* object() const { return m_object.get(); }
+        DeprecatedPtr<JSObject>* objectSlot() { return &m_object; }
 
         bool appendNextProperty(Stringifier&, UStringBuilder&);
 
     private:
-        JSObject* const m_object;
+        DeprecatedPtr<JSObject> m_object;
         const bool m_isArray;
         bool m_isJSArray;
@@ -259 +260 @@
         size_t size = m_holderStack.size();
         for (size_t i = 0; i < size; ++i)
-            markStack.append(m_holderStack[i].object());
+            markStack.append(m_holderStack[i].objectSlot());
     }
 }
@@ -270 +271 @@
 
     PropertyNameForFunctionCall emptyPropertyName(m_exec->globalData().propertyNames->emptyIdentifier);
-    object->putDirect(m_exec->globalData().propertyNames->emptyIdentifier, value);
+    object->putDirect(m_exec->globalData(), m_exec->globalData().propertyNames->emptyIdentifier, value);
 
     UStringBuilder result;
@@ -500 +501 @@
     if (!m_index) {
         if (m_isArray) {
-            m_isJSArray = isJSArray(&exec->globalData(), m_object);
+            m_isJSArray = isJSArray(&exec->globalData(), m_object.get());
             m_size = m_object->get(exec, exec->globalData().propertyNames->length).toUInt32(exec);
             builder.append('[');
@@ -533 +534 @@
         // Get the value.
         JSValue value;
-        if (m_isJSArray && asArray(m_object)->canGetIndex(index))
-            value = asArray(m_object)->getIndex(index);
+        if (m_isJSArray && asArray(m_object.get())->canGetIndex(index))
+            value = asArray(m_object.get())->getIndex(index);
         else {
-            PropertySlot slot(m_object);
+            PropertySlot slot(m_object.get());
             if (!m_object->getOwnPropertySlot(exec, index, slot))
                 slot.setUndefined();
@@ -550 +551 @@
 
         // Append the stringified value.
-        stringifyResult = stringifier.appendStringifiedValue(builder, value, m_object, index);
+        stringifyResult = stringifier.appendStringifiedValue(builder, value, m_object.get(), index);
     } else {
         // Get the value.
-        PropertySlot slot(m_object);
+        PropertySlot slot(m_object.get());
         Identifier& propertyName = m_propertyNames->propertyNameVector()[index];
         if (!m_object->getOwnPropertySlot(exec, propertyName, slot))
@@ -575 +576 @@
 
         // Append the stringified value.
-        stringifyResult = stringifier.appendStringifiedValue(builder, value, m_object, propertyName);
+        stringifyResult = stringifier.appendStringifiedValue(builder, value, m_object.get(), propertyName);
     }
 
@@ -642 +643 @@
         JSValue args[] = { property, unfiltered };
         ArgList argList(args, 2);
-        return call(m_exec, m_function, m_callType, m_callData, thisObj, argList);
+        return call(m_exec, m_function.get(), m_callType, m_callData, thisObj, argList);
     }
 
@@ -648 +649 @@
 
     ExecState* m_exec;
-    JSObject* m_function;
+    DeprecatedPtr<JSObject> m_function;
     CallType m_callType;
     CallData m_callData;
@@ -727 +728 @@
                 else {
                     if (isJSArray(&m_exec->globalData(), array) && array->canSetIndex(indexStack.last()))
-                        array->setIndex(indexStack.last(), filteredValue);
+                        array->setIndex(m_exec->globalData(), indexStack.last(), filteredValue);
                     else
                         array->put(m_exec, indexStack.last(), filteredValue);

trunk/Source/JavaScriptCore/runtime/JSObject.cpp

@@ -313 +313 @@
     if (object && object.isGetterSetter()) {
         ASSERT(m_structure->hasGetterSetterProperties());
-        asGetterSetter(object)->setGetter(getterFunction);
+        asGetterSetter(object)->setGetter(exec->globalData(), getterFunction);
         return;
     }
@@ -332 +332 @@
 
     m_structure->setHasGetterSetterProperties(true);
-    getterSetter->setGetter(getterFunction);
+    getterSetter->setGetter(exec->globalData(), getterFunction);
 }
 
@@ -340 +340 @@
     if (object && object.isGetterSetter()) {
         ASSERT(m_structure->hasGetterSetterProperties());
-        asGetterSetter(object)->setSetter(setterFunction);
+        asGetterSetter(object)->setSetter(exec->globalData(), setterFunction);
         return;
     }
@@ -359 +359 @@
 
     m_structure->setHasGetterSetterProperties(true);
-    getterSetter->setSetter(setterFunction);
+    getterSetter->setSetter(exec->globalData(), setterFunction);
 }
 
@@ -513 +513 @@
         offset = m_structure->removePropertyWithoutTransition(propertyName);
         if (offset != WTF::notFound)
-            putDirectOffset(offset, jsUndefined());
+            putUndefinedAtDirectOffset(offset);
         return;
     }
@@ -520 +520 @@
     setStructure(structure.release());
     if (offset != WTF::notFound)
-        putDirectOffset(offset, jsUndefined());
+        putUndefinedAtDirectOffset(offset);
 }
 
 void JSObject::putDirectFunction(ExecState* exec, InternalFunction* function, unsigned attr)
 {
-    putDirectFunction(Identifier(exec, function->name(exec)), function, attr);
+    putDirectFunction(exec->globalData(), Identifier(exec, function->name(exec)), function, attr);
 }
 
 void JSObject::putDirectFunction(ExecState* exec, JSFunction* function, unsigned attr)
 {
-    putDirectFunction(Identifier(exec, function->name(exec)), function, attr);
+    putDirectFunction(exec->globalData(), Identifier(exec, function->name(exec)), function, attr);
 }
 
 void JSObject::putDirectFunctionWithoutTransition(ExecState* exec, InternalFunction* function, unsigned attr)
 {
-    putDirectFunctionWithoutTransition(Identifier(exec, function->name(exec)), function, attr);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, function->name(exec)), function, attr);
 }
 
 void JSObject::putDirectFunctionWithoutTransition(ExecState* exec, JSFunction* function, unsigned attr)
 {
-    putDirectFunctionWithoutTransition(Identifier(exec, function->name(exec)), function, attr);
+    putDirectFunctionWithoutTransition(exec->globalData(), Identifier(exec, function->name(exec)), function, attr);
 }
 
@@ -596 +596 @@
             if (oldDescriptor.getter()) {
                 attributes |= Getter;
-                accessor->setGetter(asObject(oldDescriptor.getter()));
+                accessor->setGetter(exec->globalData(), asObject(oldDescriptor.getter()));
             }
             if (oldDescriptor.setter()) {
                 attributes |= Setter;
-                accessor->setSetter(asObject(oldDescriptor.setter()));
+                accessor->setSetter(exec->globalData(), asObject(oldDescriptor.setter()));
             }
             target->putWithAttributes(exec, propertyName, accessor, attributes);
@@ -721 +721 @@
     if (current.attributesEqual(descriptor)) {
         if (descriptor.setter())
-            getterSetter->setSetter(asObject(descriptor.setter()));
+            getterSetter->setSetter(exec->globalData(), asObject(descriptor.setter()));
         if (descriptor.getter())
-            getterSetter->setGetter(asObject(descriptor.getter()));
+            getterSetter->setGetter(exec->globalData(), asObject(descriptor.getter()));
         return true;
     }
@@ -732 +732 @@
     if (descriptor.getter())
         attrs |= Getter;
-    putDirect(propertyName, getterSetter, attrs);
+    putDirect(exec->globalData(), propertyName, getterSetter, attrs);
     return true;
 }

trunk/Source/JavaScriptCore/runtime/JSObject.h

@@ -71 +71 @@
     };
 
-    typedef EncodedJSValue* PropertyStorage;
-    typedef const EncodedJSValue* ConstPropertyStorage;
+    typedef WriteBarrierBase<Unknown>* PropertyStorage;
+    typedef const WriteBarrierBase<Unknown>* ConstPropertyStorage;
 
     class JSObject : public JSCell {
@@ -180 +180 @@
         bool hasGetterSetterProperties() { return m_structure->hasGetterSetterProperties(); }
 
-        bool putDirect(const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot);
-        void putDirect(const Identifier& propertyName, JSValue value, unsigned attr = 0);
-        bool putDirect(const Identifier& propertyName, JSValue value, PutPropertySlot&);
-
-        void putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attr = 0);
-        void putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot);
+        bool putDirect(JSGlobalData&, const Identifier& propertyName, JSValue, unsigned attr, bool checkReadOnly, PutPropertySlot&);
+        void putDirect(JSGlobalData&, const Identifier& propertyName, JSValue, unsigned attr = 0);
+        bool putDirect(JSGlobalData&, const Identifier& propertyName, JSValue, PutPropertySlot&);
+
+        void putDirectFunction(JSGlobalData&, const Identifier& propertyName, JSCell*, unsigned attr = 0);
+        void putDirectFunction(JSGlobalData&, const Identifier& propertyName, JSCell*, unsigned attr, bool checkReadOnly, PutPropertySlot&);
         void putDirectFunction(ExecState* exec, InternalFunction* function, unsigned attr = 0);
         void putDirectFunction(ExecState* exec, JSFunction* function, unsigned attr = 0);
 
-        void putDirectWithoutTransition(const Identifier& propertyName, JSValue value, unsigned attr = 0);
-        void putDirectFunctionWithoutTransition(const Identifier& propertyName, JSCell* value, unsigned attr = 0);
+        void putDirectWithoutTransition(JSGlobalData&, const Identifier& propertyName, JSValue, unsigned attr = 0);
+        void putDirectFunctionWithoutTransition(JSGlobalData&, const Identifier& propertyName, JSCell* value, unsigned attr = 0);
         void putDirectFunctionWithoutTransition(ExecState* exec, InternalFunction* function, unsigned attr = 0);
         void putDirectFunctionWithoutTransition(ExecState* exec, JSFunction* function, unsigned attr = 0);
 
         // Fast access to known property offsets.
-        JSValue getDirectOffset(size_t offset) const { return JSValue::decode(propertyStorage()[offset]); }
-        void putDirectOffset(size_t offset, JSValue value) { propertyStorage()[offset] = JSValue::encode(value); }
+        JSValue getDirectOffset(size_t offset) const { return propertyStorage()[offset].get(); }
+        void putDirectOffset(JSGlobalData& globalData, size_t offset, JSValue value) { propertyStorage()[offset].set(globalData, this, value); }
+        void putUndefinedAtDirectOffset(size_t offset) { propertyStorage()[offset].setUndefined(); }
 
         void fillGetterPropertySlot(PropertySlot&, JSValue* location);
@@ -226 +227 @@
         }
 
-        void flattenDictionaryObject()
-        {
-            m_structure->flattenDictionaryStructure(this);
+        void flattenDictionaryObject(JSGlobalData& globalData)
+        {
+            m_structure->flattenDictionaryStructure(globalData, this);
         }
 
@@ -268 +269 @@
         }
 
-        bool putDirectInternal(const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot, JSCell*);
-        bool putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot);
+        bool putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue, unsigned attr, bool checkReadOnly, PutPropertySlot&, JSCell*);
+        bool putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue, unsigned attr, bool checkReadOnly, PutPropertySlot&);
         void putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue value, unsigned attr = 0);
 
@@ -279 +280 @@
         union {
             PropertyStorage m_externalStorage;
-            EncodedJSValue m_inlineStorage[inlineStorageCapacity];
+            WriteBarrierBase<Unknown> m_inlineStorage[inlineStorageCapacity];
         };
 
@@ -451 +452 @@
 }
 
-inline bool JSObject::putDirectInternal(const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot, JSCell* specificFunction)
+inline bool JSObject::putDirectInternal(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot, JSCell* specificFunction)
 {
     ASSERT(value);
@@ -468 +469 @@
                 return false;
 
-            putDirectOffset(offset, value);
+            putDirectOffset(globalData, offset, value);
             // At this point, the objects structure only has a specific value set if previously there
             // had been one set, and if the new value being specified is the same (otherwise we would
@@ -486 +487 @@
 
         ASSERT(offset < m_structure->propertyStorageCapacity());
-        putDirectOffset(offset, value);
+        putDirectOffset(globalData, offset, value);
         // See comment on setNewProperty call below.
         if (!specificFunction)
@@ -501 +502 @@
         ASSERT(offset < structure->propertyStorageCapacity());
         setStructure(structure.release());
-        putDirectOffset(offset, value);
+        putDirectOffset(globalData, offset, value);
         // This is a new property; transitions with specific values are not currently cachable,
         // so leave the slot in an uncachable state.
@@ -528 +529 @@
             // case (1) Do the put, then return leaving the slot uncachable.
             if (specificFunction == currentSpecificFunction) {
-                putDirectOffset(offset, value);
+                putDirectOffset(globalData, offset, value);
                 return true;
             }
@@ -537 +538 @@
         // case (3) set the slot, do the put, return.
         slot.setExistingProperty(this, offset);
-        putDirectOffset(offset, value);
+        putDirectOffset(globalData, offset, value);
         return true;
     }
@@ -558 +559 @@
     ASSERT(offset < structure->propertyStorageCapacity());
     setStructure(structure.release());
-    putDirectOffset(offset, value);
+    putDirectOffset(globalData, offset, value);
     // This is a new property; transitions with specific values are not currently cachable,
     // so leave the slot in an uncachable state.
@@ -571 +572 @@
     ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
 
-    return putDirectInternal(propertyName, value, attributes, checkReadOnly, slot, getJSFunction(globalData, value));
+    return putDirectInternal(globalData, propertyName, value, attributes, checkReadOnly, slot, getJSFunction(globalData, value));
 }
 
@@ -577 +578 @@
 {
     PutPropertySlot slot;
-    putDirectInternal(propertyName, value, attributes, false, slot, getJSFunction(globalData, value));
-}
-
-inline bool JSObject::putDirect(const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
+    putDirectInternal(globalData, propertyName, value, attributes, false, slot, getJSFunction(globalData, value));
+}
+
+inline bool JSObject::putDirect(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
 {
     ASSERT(value);
     ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
 
-    return putDirectInternal(propertyName, value, attributes, checkReadOnly, slot, 0);
-}
-
-inline void JSObject::putDirect(const Identifier& propertyName, JSValue value, unsigned attributes)
+    return putDirectInternal(globalData, propertyName, value, attributes, checkReadOnly, slot, 0);
+}
+
+inline void JSObject::putDirect(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, unsigned attributes)
 {
     PutPropertySlot slot;
-    putDirectInternal(propertyName, value, attributes, false, slot, 0);
-}
-
-inline bool JSObject::putDirect(const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
-{
-    return putDirectInternal(propertyName, value, 0, false, slot, 0);
-}
-
-inline void JSObject::putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
-{
-    putDirectInternal(propertyName, value, attributes, checkReadOnly, slot, value);
-}
-
-inline void JSObject::putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attr)
+    putDirectInternal(globalData, propertyName, value, attributes, false, slot, 0);
+}
+
+inline bool JSObject::putDirect(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    return putDirectInternal(globalData, propertyName, value, 0, false, slot, 0);
+}
+
+inline void JSObject::putDirectFunction(JSGlobalData& globalData, const Identifier& propertyName, JSCell* value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
+{
+    putDirectInternal(globalData, propertyName, value, attributes, checkReadOnly, slot, value);
+}
+
+inline void JSObject::putDirectFunction(JSGlobalData& globalData, const Identifier& propertyName, JSCell* value, unsigned attr)
 {
     PutPropertySlot slot;
-    putDirectInternal(propertyName, value, attr, false, slot, value);
-}
-
-inline void JSObject::putDirectWithoutTransition(const Identifier& propertyName, JSValue value, unsigned attributes)
+    putDirectInternal(globalData, propertyName, value, attr, false, slot, value);
+}
+
+inline void JSObject::putDirectWithoutTransition(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, unsigned attributes)
 {
     size_t currentCapacity = m_structure->propertyStorageCapacity();
@@ -616 +617 @@
     if (currentCapacity != m_structure->propertyStorageCapacity())
         allocatePropertyStorage(currentCapacity, m_structure->propertyStorageCapacity());
-    putDirectOffset(offset, value);
-}
-
-inline void JSObject::putDirectFunctionWithoutTransition(const Identifier& propertyName, JSCell* value, unsigned attributes)
+    putDirectOffset(globalData, offset, value);
+}
+
+inline void JSObject::putDirectFunctionWithoutTransition(JSGlobalData& globalData, const Identifier& propertyName, JSCell* value, unsigned attributes)
 {
     size_t currentCapacity = m_structure->propertyStorageCapacity();
@@ -625 +626 @@
     if (currentCapacity != m_structure->propertyStorageCapacity())
         allocatePropertyStorage(currentCapacity, m_structure->propertyStorageCapacity());
-    putDirectOffset(offset, value);
+    putDirectOffset(globalData, offset, value);
 }
 
@@ -704 +705 @@
 {
     ASSERT(isCell() && isObject());
-    if (!asObject(asCell())->putDirect(propertyName, value, slot) && slot.isStrictMode())
+    if (!asObject(asCell())->putDirect(exec->globalData(), propertyName, value, slot) && slot.isStrictMode())
         throwTypeError(exec, StrictModeReadonlyPropertyWriteError);
 }
@@ -726 +727 @@
 
     PropertyStorage oldPropertyStorage = (wasInline ? m_inlineStorage : m_externalStorage);
-    PropertyStorage newPropertyStorage = new EncodedJSValue[newSize];
+    PropertyStorage newPropertyStorage = new WriteBarrierBase<Unknown>[newSize];
 
     for (unsigned i = 0; i < oldSize; ++i)
@@ -741 +742 @@
     JSCell::markChildren(markStack);
 
-    markStack.append(prototype());
-    
+    markStack.append(m_structure->storedPrototypeSlot());
     PropertyStorage storage = propertyStorage();
     size_t storageSize = m_structure->propertyStorageSize();
-    markStack.appendValues(reinterpret_cast<JSValue*>(storage), storageSize);
+    markStack.appendValues(storage, storageSize);
 }
 

trunk/Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp

@@ -41 +41 @@
     , m_numCacheableSlots(numCacheableSlots)
     , m_jsStringsSize(propertyNameArrayData->propertyNameVector().size())
-    , m_jsStrings(new JSValue[m_jsStringsSize])
+    , m_jsStrings(new WriteBarrier<Unknown>[m_jsStringsSize])
 {
     PropertyNameArrayData::PropertyNameVector& propertyNameVector = propertyNameArrayData->propertyNameVector();
     for (size_t i = 0; i < m_jsStringsSize; ++i)
-        m_jsStrings[i] = jsOwnedString(exec, propertyNameVector[i].ustring());
+        m_jsStrings[i].set(exec->globalData(), this, jsOwnedString(exec, propertyNameVector[i].ustring()));
 }
 
@@ -92 +92 @@
 JSValue JSPropertyNameIterator::get(ExecState* exec, JSObject* base, size_t i)
 {
-    JSValue& identifier = m_jsStrings[i];
+    JSValue identifier = m_jsStrings[i].get();
     if (m_cachedStructure == base->structure() && m_cachedPrototypeChain == base->structure()->prototypeChain(exec))
         return identifier;

trunk/Source/JavaScriptCore/runtime/JSPropertyNameIterator.h

@@ -86 +86 @@
         uint32_t m_numCacheableSlots;
         uint32_t m_jsStringsSize;
-        OwnArrayPtr<JSValue> m_jsStrings;
+        OwnArrayPtr<WriteBarrier<Unknown> > m_jsStrings;
     };
 

trunk/Source/JavaScriptCore/runtime/JSStaticScopeObject.cpp

@@ -35 +35 @@
 {
     JSVariableObject::markChildren(markStack);
-    markStack.append(d()->registerStore.jsValue());
+    markStack.deprecatedAppend(&d()->registerStore);
 }
 

trunk/Source/JavaScriptCore/runtime/JSString.cpp

@@ -256 +256 @@
 inline StringObject* StringObject::create(ExecState* exec, JSString* string)
 {
-    return new (exec) StringObject(exec->lexicalGlobalObject()->stringObjectStructure(), string);
+    return new (exec) StringObject(exec->globalData(), exec->lexicalGlobalObject()->stringObjectStructure(), string);
 }
 

trunk/Source/JavaScriptCore/runtime/JSValue.h

@@ -48 +48 @@
     struct Instruction;
 
+    template <class T> class DeprecatedPtr;
+    template <class T> class WriteBarrierBase;
+
     enum PreferredPrimitiveType { NoPreference, PreferNumber, PreferString };
 
@@ -213 +216 @@
 
     private:
+        template <class T> JSValue(DeprecatedPtr<T>);
+        template <class T> JSValue(WriteBarrierBase<T>);
+
         enum HashTableDeletedValueTag { HashTableDeletedValue };
         JSValue(HashTableDeletedValueTag);

trunk/Source/JavaScriptCore/runtime/JSWrapperObject.cpp

@@ -31 +31 @@
     JSObject::markChildren(markStack);
     if (m_internalValue)
-        markStack.append(m_internalValue);
+        markStack.append(&m_internalValue);
 }
 

trunk/Source/JavaScriptCore/runtime/JSWrapperObject.h

@@ -34 +34 @@
 
     public:
-        JSValue internalValue() const { return m_internalValue; }
-        void setInternalValue(JSValue);
+        JSValue internalValue() const { return m_internalValue.get(); }
+        void setInternalValue(JSGlobalData&, JSValue);
 
         static PassRefPtr<Structure> createStructure(JSValue prototype) 
@@ -48 +48 @@
         virtual void markChildren(MarkStack&);
         
-        JSValue m_internalValue;
+        WriteBarrier<Unknown> m_internalValue;
     };
 
@@ -57 +57 @@
     }
 
-    inline void JSWrapperObject::setInternalValue(JSValue value)
+    inline void JSWrapperObject::setInternalValue(JSGlobalData& globalData, JSValue value)
     {
         ASSERT(value);
         ASSERT(!value.isObject());
-        m_internalValue = value;
+        m_internalValue.set(globalData, this, value);
         putAnonymousValue(0, value);
     }

trunk/Source/JavaScriptCore/runtime/LiteralParser.cpp

@@ -374 +374 @@
             case DoParseObjectEndExpression:
             {
-                asObject(objectStack.last())->putDirect(identifierStack.last(), lastValue);
+                asObject(objectStack.last())->putDirect(m_exec->globalData(), identifierStack.last(), lastValue);
                 identifierStack.removeLast();
                 if (m_lexer.currentToken().type == TokComma)

trunk/Source/JavaScriptCore/runtime/Lookup.cpp

@@ -87 +87 @@
             function = new (exec) NativeFunctionWrapper(exec, globalObject, globalObject->prototypeFunctionStructure(), entry->functionLength(), propertyName, entry->function());
 
-        thisObj->putDirectFunction(propertyName, function, entry->attributes());
+        thisObj->putDirectFunction(exec->globalData(), propertyName, function, entry->attributes());
         location = thisObj->getDirectLocation(propertyName);
     }

trunk/Source/JavaScriptCore/runtime/Lookup.h

@@ -313 +313 @@
         if (entry->attributes() & Function) { // function: put as override property
             if (LIKELY(value.isCell()))
-                thisObj->putDirectFunction(propertyName, value.asCell());
+                thisObj->putDirectFunction(exec->globalData(), propertyName, value.asCell());
             else
-                thisObj->putDirect(propertyName, value);
+                thisObj->putDirect(exec->globalData(), propertyName, value);
         } else if (!(entry->attributes() & ReadOnly))
             entry->propertyPutter()(exec, thisObj, value);

trunk/Source/JavaScriptCore/runtime/MarkStack.h

@@ -28 +28 @@
 
 #include "JSValue.h"
+#include "WriteBarrier.h"
 #include <wtf/Vector.h>
 #include <wtf/Noncopyable.h>
@@ -50 +51 @@
         {
         }
-
-        ALWAYS_INLINE void append(JSValue);
-        void append(JSCell*);
         
-        ALWAYS_INLINE void appendValues(Register* values, size_t count, MarkSetProperties properties = NoNullValues)
-        {
-            appendValues(reinterpret_cast<JSValue*>(values), count, properties);
-        }
-
-        ALWAYS_INLINE void appendValues(JSValue* values, size_t count, MarkSetProperties properties = NoNullValues)
-        {
+        void deprecatedAppend(JSValue*);
+        void deprecatedAppend(JSCell**);
+        void deprecatedAppend(Register*);
+        template <typename T> void append(WriteBarrierBase<T>*);
+        template <typename T> void append(DeprecatedPtr<T>*);
+        
+        ALWAYS_INLINE void deprecatedAppendValues(Register* registers, size_t count, MarkSetProperties properties = NoNullValues)
+        {
+            JSValue* values = reinterpret_cast<JSValue*>(registers);
             if (count)
                 m_markSets.append(MarkSet(values, values + count, properties));
         }
 
+        void appendValues(WriteBarrierBase<Unknown>* barriers, size_t count, MarkSetProperties properties = NoNullValues)
+        {
+            JSValue* values = barriers->slot();
+            if (count)
+                m_markSets.append(MarkSet(values, values + count, properties));
+        }
+
         inline void drain();
         void compact();
@@ -75 +82 @@
 
     private:
+        void internalAppend(JSCell*);
+        void internalAppend(JSValue);
         void markChildren(JSCell*);
 

trunk/Source/JavaScriptCore/runtime/MathObject.cpp

@@ -90 +90 @@
     : JSObjectWithGlobalObject(globalObject, structure)
 {
-    putDirectWithoutTransition(Identifier(exec, "E"), jsNumber(exp(1.0)), DontDelete | DontEnum | ReadOnly);
-    putDirectWithoutTransition(Identifier(exec, "LN2"), jsNumber(log(2.0)), DontDelete | DontEnum | ReadOnly);
-    putDirectWithoutTransition(Identifier(exec, "LN10"), jsNumber(log(10.0)), DontDelete | DontEnum | ReadOnly);
-    putDirectWithoutTransition(Identifier(exec, "LOG2E"), jsNumber(1.0 / log(2.0)), DontDelete | DontEnum | ReadOnly);
-    putDirectWithoutTransition(Identifier(exec, "LOG10E"), jsNumber(1.0 / log(10.0)), DontDelete | DontEnum | ReadOnly);
-    putDirectWithoutTransition(Identifier(exec, "PI"), jsNumber(piDouble), DontDelete | DontEnum | ReadOnly);
-    putDirectWithoutTransition(Identifier(exec, "SQRT1_2"), jsNumber(sqrt(0.5)), DontDelete | DontEnum | ReadOnly);
-    putDirectWithoutTransition(Identifier(exec, "SQRT2"), jsNumber(sqrt(2.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), Identifier(exec, "E"), jsNumber(exp(1.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), Identifier(exec, "LN2"), jsNumber(log(2.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), Identifier(exec, "LN10"), jsNumber(log(10.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), Identifier(exec, "LOG2E"), jsNumber(1.0 / log(2.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), Identifier(exec, "LOG10E"), jsNumber(1.0 / log(10.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), Identifier(exec, "PI"), jsNumber(piDouble), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), Identifier(exec, "SQRT1_2"), jsNumber(sqrt(0.5)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), Identifier(exec, "SQRT2"), jsNumber(sqrt(2.0)), DontDelete | DontEnum | ReadOnly);
 }
 

trunk/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp

@@ -38 +38 @@
     NativeErrorPrototype* prototype = new (exec) NativeErrorPrototype(exec, globalObject, prototypeStructure, nameAndMessage, this);
 
-    putDirect(exec->propertyNames().length, jsNumber(1), DontDelete | ReadOnly | DontEnum); // ECMA 15.11.7.5
-    putDirect(exec->propertyNames().prototype, prototype, DontDelete | ReadOnly | DontEnum);
+    putDirect(exec->globalData(), exec->propertyNames().length, jsNumber(1), DontDelete | ReadOnly | DontEnum); // ECMA 15.11.7.5
+    putDirect(exec->globalData(), exec->propertyNames().prototype, prototype, DontDelete | ReadOnly | DontEnum);
     m_errorStructure = ErrorInstance::createStructure(prototype);
 }

trunk/Source/JavaScriptCore/runtime/NativeErrorPrototype.cpp

@@ -35 +35 @@
     : JSObjectWithGlobalObject(globalObject, structure)
 {
-    putDirect(exec->propertyNames().name, jsString(exec, nameAndMessage), 0);
-    putDirect(exec->propertyNames().message, jsString(exec, nameAndMessage), 0);
-    putDirect(exec->propertyNames().constructor, constructor, DontEnum);
+    putDirect(exec->globalData(), exec->propertyNames().name, jsString(exec, nameAndMessage), 0);
+    putDirect(exec->globalData(), exec->propertyNames().message, jsString(exec, nameAndMessage), 0);
+    putDirect(exec->globalData(), exec->propertyNames().constructor, constructor, DontEnum);
 }
 

trunk/Source/JavaScriptCore/runtime/NumberConstructor.cpp

@@ -59 +59 @@
 {
     // Number.Prototype
-    putDirectWithoutTransition(exec->propertyNames().prototype, numberPrototype, DontEnum | DontDelete | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, numberPrototype, DontEnum | DontDelete | ReadOnly);
 
     // no. of arguments for constructor
-    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(1), ReadOnly | DontEnum | DontDelete);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(1), ReadOnly | DontEnum | DontDelete);
 }
 
@@ -105 +105 @@
     NumberObject* object = new (exec) NumberObject(exec->lexicalGlobalObject()->numberObjectStructure());
     double n = exec->argumentCount() ? exec->argument(0).toNumber(exec) : 0;
-    object->setInternalValue(jsNumber(n));
+    object->setInternalValue(exec->globalData(), jsNumber(n));
     return JSValue::encode(object);
 }

trunk/Source/JavaScriptCore/runtime/NumberObject.cpp

@@ -45 +45 @@
 {
     NumberObject* object = new (exec) NumberObject(exec->lexicalGlobalObject()->numberObjectStructure());
-    object->setInternalValue(number);
+    object->setInternalValue(exec->globalData(), number);
     return object;
 }

trunk/Source/JavaScriptCore/runtime/NumberPrototype.cpp

@@ -50 +50 @@
     : NumberObject(structure)
 {
-    setInternalValue(jsNumber(0));
+    setInternalValue(exec->globalData(), jsNumber(0));
 
     // The constructor will be added later, after NumberConstructor has been constructed

trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp

@@ -48 +48 @@
 {
     // ECMA 15.2.3.1
-    putDirectWithoutTransition(exec->propertyNames().prototype, objectPrototype, DontEnum | DontDelete | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, objectPrototype, DontEnum | DontDelete | ReadOnly);
     
     // no. of arguments for constructor
-    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(1), ReadOnly | DontEnum | DontDelete);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(1), ReadOnly | DontEnum | DontDelete);
     
     putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().getPrototypeOf, objectConstructorGetPrototypeOf), DontEnum);
@@ -118 +118 @@
     JSObject* description = constructEmptyObject(exec);
     if (!descriptor.isAccessorDescriptor()) {
-        description->putDirect(exec->propertyNames().value, descriptor.value() ? descriptor.value() : jsUndefined(), 0);
-        description->putDirect(exec->propertyNames().writable, jsBoolean(descriptor.writable()), 0);
+        description->putDirect(exec->globalData(), exec->propertyNames().value, descriptor.value() ? descriptor.value() : jsUndefined(), 0);
+        description->putDirect(exec->globalData(), exec->propertyNames().writable, jsBoolean(descriptor.writable()), 0);
     } else {
-        description->putDirect(exec->propertyNames().get, descriptor.getter() ? descriptor.getter() : jsUndefined(), 0);
-        description->putDirect(exec->propertyNames().set, descriptor.setter() ? descriptor.setter() : jsUndefined(), 0);
+        description->putDirect(exec->globalData(), exec->propertyNames().get, descriptor.getter() ? descriptor.getter() : jsUndefined(), 0);
+        description->putDirect(exec->globalData(), exec->propertyNames().set, descriptor.setter() ? descriptor.setter() : jsUndefined(), 0);
     }
     
-    description->putDirect(exec->propertyNames().enumerable, jsBoolean(descriptor.enumerable()), 0);
-    description->putDirect(exec->propertyNames().configurable, jsBoolean(descriptor.configurable()), 0);
+    description->putDirect(exec->globalData(), exec->propertyNames().enumerable, jsBoolean(descriptor.enumerable()), 0);
+    description->putDirect(exec->globalData(), exec->propertyNames().configurable, jsBoolean(descriptor.configurable()), 0);
 
     return JSValue::encode(description);

trunk/Source/JavaScriptCore/runtime/Operations.h

@@ -430 +430 @@
             // should not be treated as a dictionary.
             if (cell->structure()->isDictionary()) {
-                asObject(cell)->flattenDictionaryObject();
+                asObject(cell)->flattenDictionaryObject(callFrame->globalData());
                 if (slotBase == cell)
                     slotOffset = cell->structure()->get(propertyName); 
@@ -455 +455 @@
             // should not be treated as a dictionary.
             if (base->structure()->isDictionary())
-                asObject(base)->flattenDictionaryObject();
+                asObject(base)->flattenDictionaryObject(callFrame->globalData());
 
             ++count;
@@ -472 +472 @@
         JSObject* base;
         while (true) {
-            base = *iter;
+            base = iter->get();
             if (next == end)
                 return isStrictPut ? JSValue() : base;

trunk/Source/JavaScriptCore/runtime/PrototypeFunction.cpp

@@ -38 +38 @@
 {
     ASSERT_ARG(function, function);
-    putDirect(exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
+    putDirect(exec->globalData(), exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
 }
 
@@ -46 +46 @@
 {
     ASSERT_ARG(function, function);
-    putDirect(exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
+    putDirect(exec->globalData(), exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
 }
     

trunk/Source/JavaScriptCore/runtime/PutPropertySlot.h

@@ -46 +46 @@
         }
 
-        void setExistingProperty(JSObject* base, size_t offset)
+        void setExistingProperty(DeprecatedPtr<JSObject> base, size_t offset)
         {
             m_type = ExistingProperty;
@@ -53 +53 @@
         }
 
-        void setNewProperty(JSObject* base, size_t offset)
+        void setNewProperty(DeprecatedPtr<JSObject> base, size_t offset)
         {
             m_type = NewProperty;
@@ -61 +61 @@
 
         Type type() const { return m_type; }
-        JSObject* base() const { return m_base; }
+        JSObject* base() const { return m_base.get(); }
 
         bool isStrictMode() const { return m_isStrictMode; }
@@ -71 +71 @@
     private:
         Type m_type;
-        JSObject* m_base;
+        DeprecatedPtr<JSObject> m_base;
         size_t m_offset;
         bool m_isStrictMode;

trunk/Source/JavaScriptCore/runtime/RegExpConstructor.cpp

@@ -101 +101 @@
 {
     // ECMA 15.10.5.1 RegExp.prototype
-    putDirectWithoutTransition(exec->propertyNames().prototype, regExpPrototype, DontEnum | DontDelete | ReadOnly);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, regExpPrototype, DontEnum | DontDelete | ReadOnly);
 
     // no. of arguments for constructor
-    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(2), ReadOnly | DontDelete | DontEnum);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(2), ReadOnly | DontDelete | DontEnum);
 }
 

trunk/Source/JavaScriptCore/runtime/ScopeChain.cpp

@@ -36 +36 @@
     ScopeChainIterator scopeEnd = end();
     for (ScopeChainIterator scopeIter = begin(); scopeIter != scopeEnd; ++scopeIter) {
-        JSObject* o = *scopeIter;
+        DeprecatedPtr<JSObject> o = *scopeIter;
         PropertyNameArray propertyNames(globalObject->globalExec());
         o->getPropertyNames(globalObject->globalExec(), propertyNames);
         PropertyNameArray::const_iterator propEnd = propertyNames.end();
 
-        fprintf(stderr, "----- [scope %p] -----\n", o);
+        fprintf(stderr, "----- [scope %p] -----\n", o.get());
         for (PropertyNameArray::const_iterator propIter = propertyNames.begin(); propIter != propEnd; propIter++) {
             Identifier name = *propIter;

trunk/Source/JavaScriptCore/runtime/ScopeChain.h

@@ -22 +22 @@
 #define ScopeChain_h
 
+#include "WriteBarrier.h"
 #include <wtf/FastAllocBase.h>
 
@@ -53 +54 @@
         {
             next = 0;
-            object = 0;
             globalData = 0;
             globalObject = 0;
@@ -61 +61 @@
 
         ScopeChainNode* next;
-        JSObject* object;
+        DeprecatedPtr<JSObject> object;
         JSGlobalData* globalData;
         JSGlobalObject* globalObject;
@@ -132 +132 @@
         }
 
-        JSObject* const & operator*() const { return m_node->object; }
-        JSObject* const * operator->() const { return &(operator*()); }
+        DeprecatedPtr<JSObject> const & operator*() const { return m_node->object; }
+        DeprecatedPtr<JSObject> const * operator->() const { return &(operator*()); }
     
         ScopeChainIterator& operator++() { m_node = m_node->next; return *this; }
@@ -196 +196 @@
         ScopeChainNode* node() const { return m_node; }
 
-        JSObject* top() const { return m_node->object; }
+        JSObject* top() const { return m_node->object.get(); }
 
         ScopeChainIterator begin() const { return m_node->begin(); }

trunk/Source/JavaScriptCore/runtime/ScopeChainMark.h

@@ -29 +29 @@
     {
         for (ScopeChainNode* n = m_node; n; n = n->next)
-            markStack.append(n->object);
+            markStack.append(&n->object);
     }
 

trunk/Source/JavaScriptCore/runtime/SmallStrings.cpp

@@ -36 +36 @@
 static const unsigned numCharactersToStore = 0x100;
 
-static inline bool isMarked(JSString* string)
+static inline bool isMarked(JSCell* string)
 {
     return string && Heap::isCellMarked(string);
@@ -84 +84 @@
      */
 
-    bool isAnyStringMarked = isMarked(m_emptyString);
+    bool isAnyStringMarked = isMarked(m_emptyString.get());
     for (unsigned i = 0; i < numCharactersToStore && !isAnyStringMarked; ++i)
-        isAnyStringMarked = isMarked(m_singleCharacterStrings[i]);
+        isAnyStringMarked = isMarked(m_singleCharacterStrings[i].get());
     
     if (!isAnyStringMarked) {
@@ -94 +94 @@
     
     if (m_emptyString)
-        markStack.append(m_emptyString);
+        markStack.append(&m_emptyString);
     for (unsigned i = 0; i < numCharactersToStore; ++i) {
         if (m_singleCharacterStrings[i])
-            markStack.append(m_singleCharacterStrings[i]);
+            markStack.append(&m_singleCharacterStrings[i]);
     }
 }

trunk/Source/JavaScriptCore/runtime/SmallStrings.h

@@ -28 +28 @@
 
 #include "UString.h"
+#include "WriteBarrier.h"
 #include <wtf/FixedArray.h>
 #include <wtf/OwnPtr.h>
@@ -48 +49 @@
             if (!m_emptyString)
                 createEmptyString(globalData);
-            return m_emptyString;
+            return m_emptyString.get();
         }
         JSString* singleCharacterString(JSGlobalData* globalData, unsigned char character)
@@ -54 +55 @@
             if (!m_singleCharacterStrings[character])
                 createSingleCharacterString(globalData, character);
-            return m_singleCharacterStrings[character];
+            return m_singleCharacterStrings[character].get();
         }
 
@@ -64 +65 @@
         unsigned count() const;
 #if ENABLE(JIT)
-        JSString** singleCharacterStrings() { return m_singleCharacterStrings.data(); }
+        JSCell** singleCharacterStrings() { return m_singleCharacterStrings[0].slot(); }
 #endif
     private:
@@ -70 +71 @@
         void createSingleCharacterString(JSGlobalData*, unsigned char);
 
-        JSString* m_emptyString;
-        FixedArray<JSString*, 0x100> m_singleCharacterStrings;
+        DeprecatedPtr<JSString> m_emptyString;
+        FixedArray<DeprecatedPtr<JSString>, 0x100> m_singleCharacterStrings;
         OwnPtr<SmallStringsStorage> m_storage;
     };

trunk/Source/JavaScriptCore/runtime/StringConstructor.cpp

@@ -54 +54 @@
 {
     // ECMA 15.5.3.1 String.prototype
-    putDirectWithoutTransition(exec->propertyNames().prototype, stringPrototype, ReadOnly | DontEnum | DontDelete);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, stringPrototype, ReadOnly | DontEnum | DontDelete);
 
     // ECMA 15.5.3.2 fromCharCode()
@@ -63 +63 @@
 #endif
     // no. of arguments for constructor
-    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(1), ReadOnly | DontEnum | DontDelete);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(1), ReadOnly | DontEnum | DontDelete);
 }
 

trunk/Source/JavaScriptCore/runtime/StringObject.cpp

@@ -33 +33 @@
     : JSWrapperObject(structure)
 {
-    setInternalValue(jsEmptyString(exec));
+    setInternalValue(exec->globalData(), jsEmptyString(exec));
 }
 
-StringObject::StringObject(NonNullPassRefPtr<Structure> structure, JSString* string)
+StringObject::StringObject(JSGlobalData& globalData, NonNullPassRefPtr<Structure> structure, JSString* string)
     : JSWrapperObject(structure)
 {
-    setInternalValue(string);
+    setInternalValue(globalData, string);
 }
 
@@ -45 +45 @@
     : JSWrapperObject(structure)
 {
-    setInternalValue(jsString(exec, string));
+    setInternalValue(exec->globalData(), jsString(exec, string));
 }
 

trunk/Source/JavaScriptCore/runtime/StringObject.h

@@ -54 +54 @@
     protected:
         static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesMarkChildren | OverridesGetPropertyNames | JSWrapperObject::StructureFlags;
-        StringObject(NonNullPassRefPtr<Structure>, JSString*);
+        StringObject(JSGlobalData&, NonNullPassRefPtr<Structure>, JSString*);
   };
 

trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp

@@ -137 +137 @@
     putAnonymousValue(0, globalObject);
     // The constructor will be added later, after StringConstructor has been built
-    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(0), DontDelete | ReadOnly | DontEnum);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(0), DontDelete | ReadOnly | DontEnum);
 }
 

trunk/Source/JavaScriptCore/runtime/Structure.cpp

@@ -243 +243 @@
 
     ASSERT(m_prototype);
-    ASSERT(m_prototype.isObject() || m_prototype.isNull());
+    ASSERT(m_prototype->isObject() || m_prototype->isNull());
 
 #ifndef NDEBUG
@@ -477 +477 @@
     }
 
-    RefPtr<Structure> transition = create(structure->m_prototype, structure->typeInfo(), structure->anonymousSlotCount());
+    RefPtr<Structure> transition = create(structure->m_prototype.get(), structure->typeInfo(), structure->anonymousSlotCount());
 
     transition->m_cachedPrototypeChain = structure->m_cachedPrototypeChain;
@@ -596 +596 @@
     ASSERT(!structure->isUncacheableDictionary());
     
-    RefPtr<Structure> transition = create(structure->m_prototype, structure->typeInfo(), structure->anonymousSlotCount());
+    RefPtr<Structure> transition = create(structure->m_prototype.get(), structure->typeInfo(), structure->anonymousSlotCount());
     transition->m_dictionaryKind = kind;
     transition->m_propertyStorageCapacity = structure->m_propertyStorageCapacity;
@@ -621 +621 @@
 }
 
-PassRefPtr<Structure> Structure::flattenDictionaryStructure(JSObject* object)
+PassRefPtr<Structure> Structure::flattenDictionaryStructure(JSGlobalData& globalData, JSObject* object)
 {
     ASSERT(isDictionary());
@@ -652 +652 @@
         // Copy the original property values into their final locations
         for (unsigned i = 0; i < propertyCount; i++)
-            object->putDirectOffset(anonymousSlotCount + i, values[i]);
+            object->putDirectOffset(globalData, anonymousSlotCount + i, values[i]);
 
         if (m_propertyTable->deletedOffsets) {

trunk/Source/JavaScriptCore/runtime/Structure.h

@@ -81 +81 @@
         static PassRefPtr<Structure> toUncacheableDictionaryTransition(Structure*);
 
-        PassRefPtr<Structure> flattenDictionaryStructure(JSObject*);
+        PassRefPtr<Structure> flattenDictionaryStructure(JSGlobalData&, JSObject*);
 
         ~Structure();
@@ -95 +95 @@
         const TypeInfo& typeInfo() const { return m_typeInfo; }
 
-        JSValue storedPrototype() const { return m_prototype; }
+        JSValue storedPrototype() const { return m_prototype.get(); }
+        DeprecatedPtr<Unknown>* storedPrototypeSlot() { return &m_prototype; }
         JSValue prototypeForLookup(ExecState*) const;
         StructureChain* prototypeChain(ExecState*) const;
@@ -207 +208 @@
         TypeInfo m_typeInfo;
 
-        JSValue m_prototype;
+        DeprecatedPtr<Unknown> m_prototype;
         mutable RefPtr<StructureChain> m_cachedPrototypeChain;
 

trunk/Source/JavaScriptCore/runtime/WeakGCMap.h

@@ -47 +47 @@
 
 public:
-    typedef typename HashMap<KeyType, MappedType>::iterator iterator;
-    typedef typename HashMap<KeyType, MappedType>::const_iterator const_iterator;
+    typedef typename HashMap<KeyType, DeprecatedPtr<MappedType> >::iterator iterator;
+    typedef typename HashMap<KeyType, DeprecatedPtr<MappedType> >::const_iterator const_iterator;
     
     bool isEmpty() { return m_map.isEmpty(); }
     void clear() { m_map.clear(); }
 
-    MappedType get(const KeyType& key) const;
-    pair<iterator, bool> set(const KeyType&, const MappedType&); 
-    MappedType take(const KeyType& key);
+    MappedType* get(const KeyType&) const;
+    pair<iterator, bool> set(const KeyType&, MappedType*); 
+    MappedType* take(const KeyType&);
 
     // These unchecked functions provide access to a value even if the value's
@@ -61 +61 @@
     // during the GC mark phase, which begins by clearing all mark bits.
 
-    MappedType uncheckedGet(const KeyType& key) const { return m_map.get(key); }
-    bool uncheckedRemove(const KeyType&, const MappedType&);
+    MappedType* uncheckedGet(const KeyType& key) const { return m_map.get(key).get(); }
+    DeprecatedPtr<MappedType>* uncheckedGetSlot(const KeyType& key)
+    {
+        iterator iter = m_map.find(key);
+        if (iter == m_map.end())
+            return 0;
+        return &iter->second;
+    }
+    bool uncheckedRemove(const KeyType&, MappedType*);
 
     iterator uncheckedBegin() { return m_map.begin(); }
@@ -71 +78 @@
 
 private:
-    HashMap<KeyType, MappedType> m_map;
+    HashMap<KeyType, DeprecatedPtr<MappedType> > m_map;
 };
 
 template<typename KeyType, typename MappedType>
-inline MappedType WeakGCMap<KeyType, MappedType>::get(const KeyType& key) const
+inline MappedType* WeakGCMap<KeyType, MappedType>::get(const KeyType& key) const
 {
-    MappedType result = m_map.get(key);
-    if (result == HashTraits<MappedType>::emptyValue())
+    MappedType* result = m_map.get(key).get();
+    if (result == HashTraits<MappedType*>::emptyValue())
         return result;
     if (!Heap::isCellMarked(result))
-        return HashTraits<MappedType>::emptyValue();
+        return HashTraits<MappedType*>::emptyValue();
     return result;
 }
 
 template<typename KeyType, typename MappedType>
-MappedType WeakGCMap<KeyType, MappedType>::take(const KeyType& key)
+MappedType* WeakGCMap<KeyType, MappedType>::take(const KeyType& key)
 {
-    MappedType result = m_map.take(key);
-    if (result == HashTraits<MappedType>::emptyValue())
+    MappedType* result = m_map.take(key).get();
+    if (result == HashTraits<MappedType*>::emptyValue())
         return result;
     if (!Heap::isCellMarked(result))
-        return HashTraits<MappedType>::emptyValue();
+        return HashTraits<MappedType*>::emptyValue();
     return result;
 }
 
 template<typename KeyType, typename MappedType>
-pair<typename HashMap<KeyType, MappedType>::iterator, bool> WeakGCMap<KeyType, MappedType>::set(const KeyType& key, const MappedType& value)
+pair<typename WeakGCMap<KeyType, MappedType>::iterator, bool> WeakGCMap<KeyType, MappedType>::set(const KeyType& key, MappedType* value)
 {
     Heap::markCell(value); // If value is newly allocated, it's not marked, so mark it now.
     pair<iterator, bool> result = m_map.add(key, value);
     if (!result.second) { // pre-existing entry
-        result.second = !Heap::isCellMarked(result.first->second);
+        result.second = !Heap::isCellMarked(result.first->second.get());
         result.first->second = value;
     }
@@ -109 +116 @@
 
 template<typename KeyType, typename MappedType>
-bool WeakGCMap<KeyType, MappedType>::uncheckedRemove(const KeyType& key, const MappedType& value)
+bool WeakGCMap<KeyType, MappedType>::uncheckedRemove(const KeyType& key, MappedType* value)
 {
     iterator it = m_map.find(key);
     if (it == m_map.end())
         return false;
-    if (it->second != value)
+    if (it->second.get() != value)
         return false;
     m_map.remove(it);