Changeset 59941 in webkit

Timestamp:

May 21, 2010 11:19:42 AM (14 years ago)

Author:

oliver@apple.com

Message:

2010-05-21 Oliver Hunt <​oliver@apple.com>

Reviewed by Geoffrey Garen.

All callable objects should have a global object reference
​https://bugs.webkit.org/show_bug.cgi?id=39495

All objects that may ever return a value other CallTypeNone
or ConstructTypeNone now get a global object in their constructor
and store that in their first anonymous slot. We add a new type
JSObjectWithGlobalObject to allow us to share this logic as much
as possible, however some objects have specific inheritance
requirements so we can't just use it universally.

To enforce this requirement JSValue::getCallData and getConstructData
make use of a new "isValidCallee" function to assert that any object
that returns a value other than CallType/ConstructTypeNone has a
global object in anonymous slot 0.

In order to ensure that static function slots are converted into
function objects with the correct global object, all prototype objects
and other classes with static function slots also gain a global object
reference. Happily this fixes the long standing issue where host
function objects get a prototype from the lexical global object of the
first function that calls them, instead of the global object that they
are defined on.

• API/JSCallbackConstructor.cpp: (JSC::JSCallbackConstructor::JSCallbackConstructor):
• API/JSCallbackConstructor.h:
• API/JSCallbackFunction.cpp: (JSC::JSCallbackFunction::JSCallbackFunction):
• API/JSCallbackFunction.h:
• API/JSCallbackObject.cpp: (JSC::):
• API/JSCallbackObject.h:
• API/JSCallbackObjectFunctions.h: (JSC::::JSCallbackObject): (JSC::::staticFunctionGetter):
• API/JSClassRef.cpp: (OpaqueJSClass::prototype):
• API/JSContextRef.cpp:
• API/JSObjectRef.cpp: (JSObjectMake): (JSObjectMakeFunctionWithCallback): (JSObjectMakeConstructor): (JSObjectGetPrivate): (JSObjectSetPrivate): (JSObjectGetPrivateProperty): (JSObjectSetPrivateProperty): (JSObjectDeletePrivateProperty):
• API/JSValueRef.cpp: (JSValueIsObjectOfClass):
• API/JSWeakObjectMapRefPrivate.cpp:
• CMakeLists.txt:
• GNUmakefile.am:
• JavaScriptCore.exp:
• JavaScriptCore.gypi:
• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
• JavaScriptCore.xcodeproj/project.pbxproj:
• interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute):
• jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION):
• jsc.cpp: (GlobalObject::GlobalObject):
• runtime/ArrayConstructor.cpp: (JSC::ArrayConstructor::ArrayConstructor):
• runtime/ArrayConstructor.h:
• runtime/ArrayPrototype.cpp: (JSC::ArrayPrototype::ArrayPrototype):
• runtime/ArrayPrototype.h: (JSC::ArrayPrototype::createStructure):
• runtime/BooleanConstructor.cpp: (JSC::BooleanConstructor::BooleanConstructor):
• runtime/BooleanConstructor.h:
• runtime/BooleanPrototype.cpp: (JSC::BooleanPrototype::BooleanPrototype):
• runtime/BooleanPrototype.h:
• runtime/DateConstructor.cpp: (JSC::DateConstructor::DateConstructor):
• runtime/DateConstructor.h:
• runtime/DatePrototype.cpp: (JSC::DatePrototype::DatePrototype):
• runtime/DatePrototype.h:
• runtime/ErrorConstructor.cpp: (JSC::ErrorConstructor::ErrorConstructor):
• runtime/ErrorConstructor.h:
• runtime/ErrorPrototype.cpp: (JSC::ErrorPrototype::ErrorPrototype):
• runtime/ErrorPrototype.h:
• runtime/FunctionConstructor.cpp: (JSC::FunctionConstructor::FunctionConstructor):
• runtime/FunctionConstructor.h:
• runtime/FunctionPrototype.cpp: (JSC::FunctionPrototype::FunctionPrototype): (JSC::FunctionPrototype::addFunctionProperties):
• runtime/FunctionPrototype.h:
• runtime/GlobalEvalFunction.cpp: (JSC::GlobalEvalFunction::GlobalEvalFunction):
• runtime/GlobalEvalFunction.h:
• runtime/InternalFunction.cpp: (JSC::InternalFunction::InternalFunction):
• runtime/InternalFunction.h:
• runtime/JSCell.h: (JSC::JSValue::getCallData): (JSC::JSValue::getConstructData):
• runtime/JSFunction.cpp: (JSC::JSFunction::JSFunction):
• runtime/JSFunction.h:
• runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset):
• runtime/JSGlobalObject.h: (JSC::JSGlobalObject::JSGlobalObject):
• runtime/JSONObject.cpp: (JSC::JSONObject::JSONObject):
• runtime/JSONObject.h:
• runtime/JSObject.h:
• runtime/JSObjectWithGlobalObject.cpp: Added. (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
• runtime/JSObjectWithGlobalObject.h: Added. (JSC::JSObjectWithGlobalObject::createStructure): (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
• runtime/JSValue.cpp: (JSC::JSValue::isValidCallee):
• runtime/JSValue.h:
• runtime/Lookup.cpp: (JSC::setUpStaticFunctionSlot):
• runtime/MathObject.cpp: (JSC::MathObject::MathObject):
• runtime/MathObject.h:
• runtime/NativeErrorConstructor.cpp: (JSC::NativeErrorConstructor::NativeErrorConstructor):
• runtime/NativeErrorConstructor.h:
• runtime/NativeErrorPrototype.cpp: (JSC::NativeErrorPrototype::NativeErrorPrototype):
• runtime/NativeErrorPrototype.h:
• runtime/NumberConstructor.cpp: (JSC::NumberConstructor::NumberConstructor):
• runtime/NumberConstructor.h:
• runtime/NumberPrototype.cpp: (JSC::NumberPrototype::NumberPrototype):
• runtime/NumberPrototype.h:
• runtime/ObjectConstructor.cpp: (JSC::ObjectConstructor::ObjectConstructor):
• runtime/ObjectConstructor.h:
• runtime/ObjectPrototype.cpp: (JSC::ObjectPrototype::ObjectPrototype):
• runtime/ObjectPrototype.h:
• runtime/PrototypeFunction.cpp: (JSC::PrototypeFunction::PrototypeFunction):
• runtime/PrototypeFunction.h:
• runtime/RegExpConstructor.cpp: (JSC::RegExpConstructor::RegExpConstructor): (JSC::constructRegExp):
• runtime/RegExpConstructor.h:
• runtime/RegExpObject.cpp: (JSC::RegExpObject::RegExpObject):
• runtime/RegExpObject.h:
• runtime/RegExpPrototype.cpp: (JSC::RegExpPrototype::RegExpPrototype):
• runtime/RegExpPrototype.h:
• runtime/StringConstructor.cpp: (JSC::StringConstructor::StringConstructor):
• runtime/StringConstructor.h:
• runtime/StringPrototype.cpp: (JSC::StringPrototype::StringPrototype):
• runtime/StringPrototype.h:

2010-05-21 Oliver Hunt <​oliver@apple.com>

Reviewed by Geoffrey Garen.

All callable objects should have a global object reference
​https://bugs.webkit.org/show_bug.cgi?id=39495

Update expected results as we now give all function objects
get their prototypes from the correct global object.

• fast/dom/prototype-inheritance-expected.txt:

2010-05-21 Oliver Hunt <​oliver@apple.com>

Reviewed by Geoffrey Garen.

All callable objects should have a global object reference
​https://bugs.webkit.org/show_bug.cgi?id=39495

Update the bindings generator to give prototype objects a
global object. Update all the manually written JSObject
subclasses to pass a global object.

• ForwardingHeaders/runtime/JSObjectWithGlobalObject.h: Added.
• WebCore.PluginHostProcess.exp:
• bindings/js/JSDOMBinding.cpp: (WebCore::objectToStringFunctionGetter):
• bindings/js/JSDOMWindowCustom.cpp: (WebCore::nonCachingStaticFunctionGetter):
• bindings/js/JSDOMWindowShell.cpp: (WebCore::JSDOMWindowShell::setWindow):
• bindings/js/JSHistoryCustom.cpp: (WebCore::nonCachingStaticBackFunctionGetter): (WebCore::nonCachingStaticForwardFunctionGetter): (WebCore::nonCachingStaticGoFunctionGetter):
• bindings/js/JSLocationCustom.cpp: (WebCore::nonCachingStaticReplaceFunctionGetter): (WebCore::nonCachingStaticReloadFunctionGetter): (WebCore::nonCachingStaticAssignFunctionGetter):
• bindings/js/WorkerScriptController.cpp: (WebCore::WorkerScriptController::initScript):
• bindings/scripts/CodeGeneratorJS.pm:
• bridge/c/CRuntimeObject.cpp: (JSC::Bindings::CRuntimeObject::CRuntimeObject):
• bridge/c/CRuntimeObject.h:
• bridge/c/c_instance.cpp: (JSC::Bindings::CInstance::newRuntimeObject): (JSC::Bindings::CRuntimeMethod::CRuntimeMethod): (JSC::Bindings::CInstance::getMethod):
• bridge/jni/jsc/JavaInstanceJSC.cpp: (JavaInstance::newRuntimeObject): (JavaRuntimeMethod::JavaRuntimeMethod): (JavaInstance::getMethod):
• bridge/jni/jsc/JavaRuntimeObject.cpp: (JSC::Bindings::JavaRuntimeObject::JavaRuntimeObject):
• bridge/jni/jsc/JavaRuntimeObject.h:
• bridge/jsc/BridgeJSC.cpp: (JSC::Bindings::Instance::newRuntimeObject):
• bridge/objc/ObjCRuntimeObject.h:
• bridge/objc/ObjCRuntimeObject.mm: (JSC::Bindings::ObjCRuntimeObject::ObjCRuntimeObject):
• bridge/objc/objc_class.mm: (JSC::Bindings::ObjcClass::fallbackObject):
• bridge/objc/objc_instance.mm: (ObjcInstance::newRuntimeObject): (ObjCRuntimeMethod::ObjCRuntimeMethod): (ObjcInstance::getMethod):
• bridge/objc/objc_runtime.h:
• bridge/objc/objc_runtime.mm: (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
• bridge/runtime_method.cpp: (JSC::RuntimeMethod::RuntimeMethod):
• bridge/runtime_method.h:
• bridge/runtime_object.cpp: (JSC::Bindings::RuntimeObject::RuntimeObject):
• bridge/runtime_object.h:

2010-05-21 Oliver Hunt <​oliver@apple.com>

Reviewed by Geoffrey Garen.

All callable objects should have a global object reference
​https://bugs.webkit.org/show_bug.cgi?id=39495

Update the plugin proxy to handle the need for global object.

• Plugins/Hosted/ProxyInstance.mm: (WebKit::ProxyInstance::newRuntimeObject): (WebKit::ProxyRuntimeMethod::ProxyRuntimeMethod): (WebKit::ProxyInstance::getMethod):
• Plugins/Hosted/ProxyRuntimeObject.h:
• Plugins/Hosted/ProxyRuntimeObject.mm: (WebKit::ProxyRuntimeObject::ProxyRuntimeObject):

Location:

trunk

Files:

• JavaScriptCore/API/JSCallbackConstructor.cpp (modified) (1 diff)
• JavaScriptCore/API/JSCallbackConstructor.h (modified) (1 diff)
• JavaScriptCore/API/JSCallbackFunction.cpp (modified) (1 diff)
• JavaScriptCore/API/JSCallbackFunction.h (modified) (1 diff)
• JavaScriptCore/API/JSCallbackObject.cpp (modified) (1 diff)
• JavaScriptCore/API/JSCallbackObject.h (modified) (1 diff)
• JavaScriptCore/API/JSCallbackObjectFunctions.h (modified) (3 diffs)
• JavaScriptCore/API/JSClassRef.cpp (modified) (1 diff)
• JavaScriptCore/API/JSContextRef.cpp (modified) (1 diff)
• JavaScriptCore/API/JSObjectRef.cpp (modified) (8 diffs)
• JavaScriptCore/API/JSValueRef.cpp (modified) (1 diff)
• JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp (modified) (1 diff)
• JavaScriptCore/CMakeLists.txt (modified) (1 diff)
• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/GNUmakefile.am (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.exp (modified) (6 diffs)
• JavaScriptCore/JavaScriptCore.gypi (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (modified) (5 diffs)
• JavaScriptCore/jit/JITStubs.cpp (modified) (1 diff)
• JavaScriptCore/jsc.cpp (modified) (1 diff)
• JavaScriptCore/runtime/ArrayConstructor.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/ArrayConstructor.h (modified) (1 diff)
• JavaScriptCore/runtime/ArrayPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/ArrayPrototype.h (modified) (2 diffs)
• JavaScriptCore/runtime/BooleanConstructor.cpp (modified) (1 diff)
• JavaScriptCore/runtime/BooleanConstructor.h (modified) (1 diff)
• JavaScriptCore/runtime/BooleanPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/BooleanPrototype.h (modified) (1 diff)
• JavaScriptCore/runtime/DateConstructor.cpp (modified) (1 diff)
• JavaScriptCore/runtime/DateConstructor.h (modified) (1 diff)
• JavaScriptCore/runtime/DatePrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/DatePrototype.h (modified) (1 diff)
• JavaScriptCore/runtime/ErrorConstructor.cpp (modified) (1 diff)
• JavaScriptCore/runtime/ErrorConstructor.h (modified) (1 diff)
• JavaScriptCore/runtime/ErrorPrototype.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/ErrorPrototype.h (modified) (1 diff)
• JavaScriptCore/runtime/FunctionConstructor.cpp (modified) (1 diff)
• JavaScriptCore/runtime/FunctionConstructor.h (modified) (1 diff)
• JavaScriptCore/runtime/FunctionPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/FunctionPrototype.h (modified) (1 diff)
• JavaScriptCore/runtime/GlobalEvalFunction.cpp (modified) (1 diff)
• JavaScriptCore/runtime/GlobalEvalFunction.h (modified) (1 diff)
• JavaScriptCore/runtime/InternalFunction.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/InternalFunction.h (modified) (3 diffs)
• JavaScriptCore/runtime/JSCell.h (modified) (1 diff)
• JavaScriptCore/runtime/JSFunction.cpp (modified) (3 diffs)
• JavaScriptCore/runtime/JSFunction.h (modified) (2 diffs)
• JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (4 diffs)
• JavaScriptCore/runtime/JSGlobalObject.h (modified) (3 diffs)
• JavaScriptCore/runtime/JSONObject.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/JSONObject.h (modified) (2 diffs)
• JavaScriptCore/runtime/JSObject.h (modified) (2 diffs)
• JavaScriptCore/runtime/JSObjectWithGlobalObject.cpp (added)
• JavaScriptCore/runtime/JSObjectWithGlobalObject.h (added)
• JavaScriptCore/runtime/JSValue.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSValue.h (modified) (1 diff)
• JavaScriptCore/runtime/Lookup.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/MathObject.cpp (modified) (1 diff)
• JavaScriptCore/runtime/MathObject.h (modified) (1 diff)
• JavaScriptCore/runtime/NativeErrorConstructor.cpp (modified) (1 diff)
• JavaScriptCore/runtime/NativeErrorConstructor.h (modified) (1 diff)
• JavaScriptCore/runtime/NativeErrorPrototype.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/NativeErrorPrototype.h (modified) (1 diff)
• JavaScriptCore/runtime/NumberConstructor.cpp (modified) (1 diff)
• JavaScriptCore/runtime/NumberConstructor.h (modified) (1 diff)
• JavaScriptCore/runtime/NumberPrototype.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/NumberPrototype.h (modified) (1 diff)
• JavaScriptCore/runtime/ObjectConstructor.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/ObjectConstructor.h (modified) (1 diff)
• JavaScriptCore/runtime/ObjectPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/ObjectPrototype.h (modified) (1 diff)
• JavaScriptCore/runtime/PrototypeFunction.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/PrototypeFunction.h (modified) (1 diff)
• JavaScriptCore/runtime/RegExpConstructor.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/RegExpConstructor.h (modified) (1 diff)
• JavaScriptCore/runtime/RegExpObject.cpp (modified) (1 diff)
• JavaScriptCore/runtime/RegExpObject.h (modified) (2 diffs)
• JavaScriptCore/runtime/RegExpPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/RegExpPrototype.h (modified) (1 diff)
• JavaScriptCore/runtime/StringConstructor.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/StringConstructor.h (modified) (1 diff)
• JavaScriptCore/runtime/StringPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/StringPrototype.h (modified) (1 diff)
• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/dom/prototype-inheritance-expected.txt (modified) (7 diffs)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/ForwardingHeaders/runtime/JSObjectWithGlobalObject.h (added)
• WebCore/WebCore.PluginHostProcess.exp (modified) (2 diffs)
• WebCore/bindings/js/JSDOMBinding.cpp (modified) (1 diff)
• WebCore/bindings/js/JSDOMWindowCustom.cpp (modified) (1 diff)
• WebCore/bindings/js/JSDOMWindowShell.cpp (modified) (1 diff)
• WebCore/bindings/js/JSHistoryCustom.cpp (modified) (1 diff)
• WebCore/bindings/js/JSLocationCustom.cpp (modified) (1 diff)
• WebCore/bindings/js/WorkerScriptController.cpp (modified) (1 diff)
• WebCore/bindings/scripts/CodeGeneratorJS.pm (modified) (4 diffs)
• WebCore/bridge/c/CRuntimeObject.cpp (modified) (1 diff)
• WebCore/bridge/c/CRuntimeObject.h (modified) (1 diff)
• WebCore/bridge/c/c_instance.cpp (modified) (3 diffs)
• WebCore/bridge/jni/jsc/JavaInstanceJSC.cpp (modified) (3 diffs)
• WebCore/bridge/jni/jsc/JavaRuntimeObject.cpp (modified) (1 diff)
• WebCore/bridge/jni/jsc/JavaRuntimeObject.h (modified) (1 diff)
• WebCore/bridge/jsc/BridgeJSC.cpp (modified) (1 diff)
• WebCore/bridge/objc/ObjCRuntimeObject.h (modified) (1 diff)
• WebCore/bridge/objc/ObjCRuntimeObject.mm (modified) (1 diff)
• WebCore/bridge/objc/objc_class.mm (modified) (1 diff)
• WebCore/bridge/objc/objc_instance.mm (modified) (3 diffs)
• WebCore/bridge/objc/objc_runtime.h (modified) (2 diffs)
• WebCore/bridge/objc/objc_runtime.mm (modified) (1 diff)
• WebCore/bridge/runtime_method.cpp (modified) (1 diff)
• WebCore/bridge/runtime_method.h (modified) (1 diff)
• WebCore/bridge/runtime_object.cpp (modified) (1 diff)
• WebCore/bridge/runtime_object.h (modified) (2 diffs)
• WebKit/mac/ChangeLog (modified) (1 diff)
• WebKit/mac/Plugins/Hosted/ProxyInstance.mm (modified) (3 diffs)
• WebKit/mac/Plugins/Hosted/ProxyRuntimeObject.h (modified) (1 diff)
• WebKit/mac/Plugins/Hosted/ProxyRuntimeObject.mm (modified) (1 diff)

trunk/JavaScriptCore/API/JSCallbackConstructor.cpp

@@ -38 +38 @@
 const ClassInfo JSCallbackConstructor::info = { "CallbackConstructor", 0, 0, 0 };
 
-JSCallbackConstructor::JSCallbackConstructor(NonNullPassRefPtr<Structure> structure, JSClassRef jsClass, JSObjectCallAsConstructorCallback callback)
-    : JSObject(structure)
+JSCallbackConstructor::JSCallbackConstructor(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, JSClassRef jsClass, JSObjectCallAsConstructorCallback callback)
+    : JSObjectWithGlobalObject(globalObject, structure)
     , m_class(jsClass)
     , m_callback(callback)

trunk/JavaScriptCore/API/JSCallbackConstructor.h

@@ -28 +28 @@
 
 #include "JSObjectRef.h"
-#include <runtime/JSObject.h>
+#include <runtime/JSObjectWithGlobalObject.h>
 
 namespace JSC {
 
-class JSCallbackConstructor : public JSObject {
+class JSCallbackConstructor : public JSObjectWithGlobalObject {
 public:
-    JSCallbackConstructor(NonNullPassRefPtr<Structure>, JSClassRef, JSObjectCallAsConstructorCallback);
+    JSCallbackConstructor(JSGlobalObject*, NonNullPassRefPtr<Structure>, JSClassRef, JSObjectCallAsConstructorCallback);
     virtual ~JSCallbackConstructor();
     JSClassRef classRef() const { return m_class; }

trunk/JavaScriptCore/API/JSCallbackFunction.cpp

@@ -42 +42 @@
 const ClassInfo JSCallbackFunction::info = { "CallbackFunction", &InternalFunction::info, 0, 0 };
 
-JSCallbackFunction::JSCallbackFunction(ExecState* exec, JSObjectCallAsFunctionCallback callback, const Identifier& name)
-    : InternalFunction(&exec->globalData(), exec->lexicalGlobalObject()->callbackFunctionStructure(), name)
+JSCallbackFunction::JSCallbackFunction(ExecState* exec, JSGlobalObject* globalObject, JSObjectCallAsFunctionCallback callback, const Identifier& name)
+    : InternalFunction(&exec->globalData(), globalObject, globalObject->callbackFunctionStructure(), name)
     , m_callback(callback)
 {

trunk/JavaScriptCore/API/JSCallbackFunction.h

@@ -34 +34 @@
 class JSCallbackFunction : public InternalFunction {
 public:
-    JSCallbackFunction(ExecState*, JSObjectCallAsFunctionCallback, const Identifier& name);
+    JSCallbackFunction(ExecState*, JSGlobalObject*, JSObjectCallAsFunctionCallback, const Identifier& name);
 
     static const ClassInfo info;

trunk/JavaScriptCore/API/JSCallbackObject.cpp

@@ -33 +33 @@
 namespace JSC {
 
-ASSERT_CLASS_FITS_IN_CELL(JSCallbackObject<JSObject>);
+ASSERT_CLASS_FITS_IN_CELL(JSCallbackObject<JSObjectWithGlobalObject>);
 ASSERT_CLASS_FITS_IN_CELL(JSCallbackObject<JSGlobalObject>);
 
 // Define the two types of JSCallbackObjects we support.
-template <> const ClassInfo JSCallbackObject<JSObject>::info = { "CallbackObject", 0, 0, 0 };
+template <> const ClassInfo JSCallbackObject<JSObjectWithGlobalObject>::info = { "CallbackObject", 0, 0, 0 };
 template <> const ClassInfo JSCallbackObject<JSGlobalObject>::info = { "CallbackGlobalObject", 0, 0, 0 };
 

trunk/JavaScriptCore/API/JSCallbackObject.h

@@ -115 +115 @@
 class JSCallbackObject : public Base {
 public:
-    JSCallbackObject(ExecState*, NonNullPassRefPtr<Structure>, JSClassRef, void* data);
-    JSCallbackObject(JSClassRef);
+    JSCallbackObject(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, JSClassRef, void* data);
+    JSCallbackObject(JSClassRef, NonNullPassRefPtr<Structure>);
     virtual ~JSCallbackObject();
 

trunk/JavaScriptCore/API/JSCallbackObjectFunctions.h

@@ -49 +49 @@
 
 template <class Base>
-JSCallbackObject<Base>::JSCallbackObject(ExecState* exec, NonNullPassRefPtr<Structure> structure, JSClassRef jsClass, void* data)
-    : Base(structure)
+JSCallbackObject<Base>::JSCallbackObject(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, JSClassRef jsClass, void* data)
+    : Base(globalObject, structure)
     , m_callbackObjectData(new JSCallbackObjectData(data, jsClass))
 {
@@ -59 +59 @@
 // FIXME: Move this into a separate JSGlobalCallbackObject class derived from this one.
 template <class Base>
-JSCallbackObject<Base>::JSCallbackObject(JSClassRef jsClass)
-    : Base()
+JSCallbackObject<Base>::JSCallbackObject(JSClassRef jsClass, NonNullPassRefPtr<Structure> structure)
+    : Base(structure)
     , m_callbackObjectData(new JSCallbackObjectData(0, jsClass))
 {
@@ -561 +561 @@
             if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.ustring().rep())) {
                 if (JSObjectCallAsFunctionCallback callAsFunction = entry->callAsFunction) {
-                    JSObject* o = new (exec) JSCallbackFunction(exec, callAsFunction, propertyName);
+                    
+                    JSObject* o = new (exec) JSCallbackFunction(exec, asGlobalObject(thisObj->getAnonymousValue(0)), callAsFunction, propertyName);
                     thisObj->putDirect(propertyName, o, entry->attributes);
                     return o;

trunk/JavaScriptCore/API/JSClassRef.cpp

@@ -257 +257 @@
     if (!jsClassData.cachedPrototype) {
         // Recursive, but should be good enough for our purposes
-        jsClassData.cachedPrototype = new (exec) JSCallbackObject<JSObject>(exec, exec->lexicalGlobalObject()->callbackObjectStructure(), prototypeClass, &jsClassData); // set jsClassData as the object's private data, so it can clear our reference on destruction
+        jsClassData.cachedPrototype = new (exec) JSCallbackObject<JSObjectWithGlobalObject>(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->callbackObjectStructure(), prototypeClass, &jsClassData); // set jsClassData as the object's private data, so it can clear our reference on destruction
         if (parentClass) {
             if (JSObject* prototype = parentClass->prototype(exec))

trunk/JavaScriptCore/API/JSContextRef.cpp

@@ -98 +98 @@
     }
 
-    JSGlobalObject* globalObject = new (globalData.get()) JSCallbackObject<JSGlobalObject>(globalObjectClass);
+    JSGlobalObject* globalObject = new (globalData.get()) JSCallbackObject<JSGlobalObject>(globalObjectClass, JSCallbackObject<JSGlobalObject>::createStructure(jsNull()));
     ExecState* exec = globalObject->globalExec();
     JSValue prototype = globalObjectClass->prototype(exec);

trunk/JavaScriptCore/API/JSObjectRef.cpp

@@ -82 +82 @@
         return toRef(new (exec) JSObject(exec->lexicalGlobalObject()->emptyObjectStructure())); // slightly more efficient
 
-    JSCallbackObject<JSObject>* object = new (exec) JSCallbackObject<JSObject>(exec, exec->lexicalGlobalObject()->callbackObjectStructure(), jsClass, data);
+    JSCallbackObject<JSObjectWithGlobalObject>* object = new (exec) JSCallbackObject<JSObjectWithGlobalObject>(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->callbackObjectStructure(), jsClass, data);
     if (JSObject* prototype = jsClass->prototype(exec))
         object->setPrototype(prototype);
@@ -96 +96 @@
     Identifier nameID = name ? name->identifier(&exec->globalData()) : Identifier(exec, "anonymous");
     
-    return toRef(new (exec) JSCallbackFunction(exec, callAsFunction, nameID));
+    return toRef(new (exec) JSCallbackFunction(exec, exec->lexicalGlobalObject(), callAsFunction, nameID));
 }
 
@@ -108 +108 @@
         jsPrototype = exec->lexicalGlobalObject()->objectPrototype();
 
-    JSCallbackConstructor* constructor = new (exec) JSCallbackConstructor(exec->lexicalGlobalObject()->callbackConstructorStructure(), jsClass, callAsConstructor);
+    JSCallbackConstructor* constructor = new (exec) JSCallbackConstructor(exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->callbackConstructorStructure(), jsClass, callAsConstructor);
     constructor->putDirect(exec->propertyNames().prototype, jsPrototype, DontEnum | DontDelete | ReadOnly);
     return toRef(constructor);
@@ -344 +344 @@
     if (jsObject->inherits(&JSCallbackObject<JSGlobalObject>::info))
         return static_cast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivate();
-    else if (jsObject->inherits(&JSCallbackObject<JSObject>::info))
-        return static_cast<JSCallbackObject<JSObject>*>(jsObject)->getPrivate();
+    else if (jsObject->inherits(&JSCallbackObject<JSObjectWithGlobalObject>::info))
+        return static_cast<JSCallbackObject<JSObjectWithGlobalObject>*>(jsObject)->getPrivate();
     
     return 0;
@@ -357 +357 @@
         static_cast<JSCallbackObject<JSGlobalObject>*>(jsObject)->setPrivate(data);
         return true;
-    } else if (jsObject->inherits(&JSCallbackObject<JSObject>::info)) {
-        static_cast<JSCallbackObject<JSObject>*>(jsObject)->setPrivate(data);
+    } else if (jsObject->inherits(&JSCallbackObject<JSObjectWithGlobalObject>::info)) {
+        static_cast<JSCallbackObject<JSObjectWithGlobalObject>*>(jsObject)->setPrivate(data);
         return true;
     }
@@ -374 +374 @@
     if (jsObject->inherits(&JSCallbackObject<JSGlobalObject>::info))
         result = static_cast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivateProperty(name);
-    else if (jsObject->inherits(&JSCallbackObject<JSObject>::info))
-        result = static_cast<JSCallbackObject<JSObject>*>(jsObject)->getPrivateProperty(name);
+    else if (jsObject->inherits(&JSCallbackObject<JSObjectWithGlobalObject>::info))
+        result = static_cast<JSCallbackObject<JSObjectWithGlobalObject>*>(jsObject)->getPrivateProperty(name);
     return toRef(exec, result);
 }
@@ -390 +390 @@
         return true;
     }
-    if (jsObject->inherits(&JSCallbackObject<JSObject>::info)) {
-        static_cast<JSCallbackObject<JSObject>*>(jsObject)->setPrivateProperty(name, jsValue);
+    if (jsObject->inherits(&JSCallbackObject<JSObjectWithGlobalObject>::info)) {
+        static_cast<JSCallbackObject<JSObjectWithGlobalObject>*>(jsObject)->setPrivateProperty(name, jsValue);
         return true;
     }
@@ -407 +407 @@
         return true;
     }
-    if (jsObject->inherits(&JSCallbackObject<JSObject>::info)) {
-        static_cast<JSCallbackObject<JSObject>*>(jsObject)->deletePrivateProperty(name);
+    if (jsObject->inherits(&JSCallbackObject<JSObjectWithGlobalObject>::info)) {
+        static_cast<JSCallbackObject<JSObjectWithGlobalObject>*>(jsObject)->deletePrivateProperty(name);
         return true;
     }

trunk/JavaScriptCore/API/JSValueRef.cpp

@@ -132 +132 @@
         if (o->inherits(&JSCallbackObject<JSGlobalObject>::info))
             return static_cast<JSCallbackObject<JSGlobalObject>*>(o)->inherits(jsClass);
-        else if (o->inherits(&JSCallbackObject<JSObject>::info))
-            return static_cast<JSCallbackObject<JSObject>*>(o)->inherits(jsClass);
+        else if (o->inherits(&JSCallbackObject<JSObjectWithGlobalObject>::info))
+            return static_cast<JSCallbackObject<JSObjectWithGlobalObject>*>(o)->inherits(jsClass);
     }
     return false;

trunk/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp

@@ -59 +59 @@
     if (!obj)
         return;
-    ASSERT(obj->inherits(&JSCallbackObject<JSGlobalObject>::info) || obj->inherits(&JSCallbackObject<JSObject>::info));
+    ASSERT(obj->inherits(&JSCallbackObject<JSGlobalObject>::info) || obj->inherits(&JSCallbackObject<JSObjectWithGlobalObject>::info));
     map->map().set(key, obj);
 }

trunk/JavaScriptCore/CMakeLists.txt

@@ -123 +123 @@
     runtime/JSNumberCell.cpp
     runtime/JSObject.cpp
+    runtime/JSObjectWithGlobalObject.cpp
     runtime/JSONObject.cpp
     runtime/JSPropertyNameIterator.cpp

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2010-05-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        All callable objects should have a global object reference
+        https://bugs.webkit.org/show_bug.cgi?id=39495
+
+        All objects that may ever return a value other CallTypeNone
+        or ConstructTypeNone now get a global object in their constructor
+        and store that in their first anonymous slot.  We add a new type
+        JSObjectWithGlobalObject to allow us to share this logic as much
+        as possible, however some objects have specific inheritance 
+        requirements so we can't just use it universally.
+
+        To enforce this requirement JSValue::getCallData and getConstructData
+        make use of a new "isValidCallee" function to assert that any object
+        that returns a value other than CallType/ConstructTypeNone has a
+        global object in anonymous slot 0.
+
+        In order to ensure that static function slots are converted into
+        function objects with the correct global object, all prototype objects
+        and other classes with static function slots also gain a global object
+        reference.  Happily this fixes the long standing issue where host
+        function objects get a prototype from the lexical global object of the
+        first function that calls them, instead of the global object that they
+        are defined on.
+
+        * API/JSCallbackConstructor.cpp:
+        (JSC::JSCallbackConstructor::JSCallbackConstructor):
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackFunction.cpp:
+        (JSC::JSCallbackFunction::JSCallbackFunction):
+        * API/JSCallbackFunction.h:
+        * API/JSCallbackObject.cpp:
+        (JSC::):
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::JSCallbackObject):
+        (JSC::::staticFunctionGetter):
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::prototype):
+        * API/JSContextRef.cpp:
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeConstructor):
+        (JSObjectGetPrivate):
+        (JSObjectSetPrivate):
+        (JSObjectGetPrivateProperty):
+        (JSObjectSetPrivateProperty):
+        (JSObjectDeletePrivateProperty):
+        * API/JSValueRef.cpp:
+        (JSValueIsObjectOfClass):
+        * API/JSWeakObjectMapRefPrivate.cpp:
+        * CMakeLists.txt:
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.gypi:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * jsc.cpp:
+        (GlobalObject::GlobalObject):
+        * runtime/ArrayConstructor.cpp:
+        (JSC::ArrayConstructor::ArrayConstructor):
+        * runtime/ArrayConstructor.h:
+        * runtime/ArrayPrototype.cpp:
+        (JSC::ArrayPrototype::ArrayPrototype):
+        * runtime/ArrayPrototype.h:
+        (JSC::ArrayPrototype::createStructure):
+        * runtime/BooleanConstructor.cpp:
+        (JSC::BooleanConstructor::BooleanConstructor):
+        * runtime/BooleanConstructor.h:
+        * runtime/BooleanPrototype.cpp:
+        (JSC::BooleanPrototype::BooleanPrototype):
+        * runtime/BooleanPrototype.h:
+        * runtime/DateConstructor.cpp:
+        (JSC::DateConstructor::DateConstructor):
+        * runtime/DateConstructor.h:
+        * runtime/DatePrototype.cpp:
+        (JSC::DatePrototype::DatePrototype):
+        * runtime/DatePrototype.h:
+        * runtime/ErrorConstructor.cpp:
+        (JSC::ErrorConstructor::ErrorConstructor):
+        * runtime/ErrorConstructor.h:
+        * runtime/ErrorPrototype.cpp:
+        (JSC::ErrorPrototype::ErrorPrototype):
+        * runtime/ErrorPrototype.h:
+        * runtime/FunctionConstructor.cpp:
+        (JSC::FunctionConstructor::FunctionConstructor):
+        * runtime/FunctionConstructor.h:
+        * runtime/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::FunctionPrototype):
+        (JSC::FunctionPrototype::addFunctionProperties):
+        * runtime/FunctionPrototype.h:
+        * runtime/GlobalEvalFunction.cpp:
+        (JSC::GlobalEvalFunction::GlobalEvalFunction):
+        * runtime/GlobalEvalFunction.h:
+        * runtime/InternalFunction.cpp:
+        (JSC::InternalFunction::InternalFunction):
+        * runtime/InternalFunction.h:
+        * runtime/JSCell.h:
+        (JSC::JSValue::getCallData):
+        (JSC::JSValue::getConstructData):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObject):
+        * runtime/JSONObject.cpp:
+        (JSC::JSONObject::JSONObject):
+        * runtime/JSONObject.h:
+        * runtime/JSObject.h:
+        * runtime/JSObjectWithGlobalObject.cpp: Added.
+        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+        * runtime/JSObjectWithGlobalObject.h: Added.
+        (JSC::JSObjectWithGlobalObject::createStructure):
+        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+        * runtime/JSValue.cpp:
+        (JSC::JSValue::isValidCallee):
+        * runtime/JSValue.h:
+        * runtime/Lookup.cpp:
+        (JSC::setUpStaticFunctionSlot):
+        * runtime/MathObject.cpp:
+        (JSC::MathObject::MathObject):
+        * runtime/MathObject.h:
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::NativeErrorConstructor::NativeErrorConstructor):
+        * runtime/NativeErrorConstructor.h:
+        * runtime/NativeErrorPrototype.cpp:
+        (JSC::NativeErrorPrototype::NativeErrorPrototype):
+        * runtime/NativeErrorPrototype.h:
+        * runtime/NumberConstructor.cpp:
+        (JSC::NumberConstructor::NumberConstructor):
+        * runtime/NumberConstructor.h:
+        * runtime/NumberPrototype.cpp:
+        (JSC::NumberPrototype::NumberPrototype):
+        * runtime/NumberPrototype.h:
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        * runtime/ObjectConstructor.h:
+        * runtime/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::ObjectPrototype):
+        * runtime/ObjectPrototype.h:
+        * runtime/PrototypeFunction.cpp:
+        (JSC::PrototypeFunction::PrototypeFunction):
+        * runtime/PrototypeFunction.h:
+        * runtime/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::RegExpConstructor):
+        (JSC::constructRegExp):
+        * runtime/RegExpConstructor.h:
+        * runtime/RegExpObject.cpp:
+        (JSC::RegExpObject::RegExpObject):
+        * runtime/RegExpObject.h:
+        * runtime/RegExpPrototype.cpp:
+        (JSC::RegExpPrototype::RegExpPrototype):
+        * runtime/RegExpPrototype.h:
+        * runtime/StringConstructor.cpp:
+        (JSC::StringConstructor::StringConstructor):
+        * runtime/StringConstructor.h:
+        * runtime/StringPrototype.cpp:
+        (JSC::StringPrototype::StringPrototype):
+        * runtime/StringPrototype.h:
+
 2010-05-21  Geoffrey Garen  <ggaren@apple.com>
 

trunk/JavaScriptCore/GNUmakefile.am

@@ -464 +464 @@
         JavaScriptCore/runtime/JSNumberCell.h \
         JavaScriptCore/runtime/JSObject.cpp \
+        JavaScriptCore/runtime/JSObjectWithGlobalObject.cpp \
         JavaScriptCore/runtime/JSObject.h \
         JavaScriptCore/runtime/JSStaticScopeObject.cpp \

trunk/JavaScriptCore/JavaScriptCore.exp

@@ -102 +102 @@
 __Z15jsRegExpExecutePK8JSRegExpPKtiiPii
 __ZN14OpaqueJSString6createERKN3JSC7UStringE
+__ZN3JSC10JSFunctionC1EPNS_9ExecStateEPNS_14JSGlobalObjectEN3WTF17NonNullPassRefPtrINS_9StructureEEEiRKNS_10IdentifierEPFNS_7JSValueES2_PNS_8JSObjectESC_RKNS_7ArgListEE
 __ZN3JSC10Identifier11addSlowCaseEPNS_12JSGlobalDataEPN7WebCore10StringImplE
 __ZN3JSC10Identifier11addSlowCaseEPNS_9ExecStateEPN7WebCore10StringImplE
@@ -112 +113 @@
 __ZN3JSC10JSFunction4infoE
 __ZN3JSC10JSFunction4nameEPNS_9ExecStateE
-__ZN3JSC10JSFunctionC1EPNS_9ExecStateEN3WTF17NonNullPassRefPtrINS_9StructureEEEiRKNS_10IdentifierEPFNS_7JSValueES2_PNS_8JSObjectESA_RKNS_7ArgListEE
 __ZN3JSC10throwErrorEPNS_9ExecStateENS_9ErrorTypeE
 __ZN3JSC10throwErrorEPNS_9ExecStateENS_9ErrorTypeEPKc
@@ -170 +170 @@
 __ZN3JSC16InternalFunction4infoE
 __ZN3JSC16InternalFunction4nameEPNS_9ExecStateE
-__ZN3JSC16InternalFunctionC2EPNS_12JSGlobalDataEN3WTF17NonNullPassRefPtrINS_9StructureEEERKNS_10IdentifierE
+__ZN3JSC16InternalFunctionC2EPNS_12JSGlobalDataEPNS_14JSGlobalObjectEN3WTF17NonNullPassRefPtrINS_9StructureEEERKNS_10IdentifierE
 __ZN3JSC16JSVariableObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
 __ZN3JSC16JSVariableObject14symbolTableGetERKNS_10IdentifierERNS_18PropertyDescriptorE
@@ -177 +177 @@
 __ZN3JSC17BytecodeGenerator21setDumpsGeneratedCodeEb
 __ZN3JSC17PropertyNameArray3addEPN7WebCore10StringImplE
-__ZN3JSC17PrototypeFunctionC1EPNS_9ExecStateEN3WTF17NonNullPassRefPtrINS_9StructureEEEiRKNS_10IdentifierEPFNS_7JSValueES2_PNS_8JSObjectESA_RKNS_7ArgListEE
-__ZN3JSC17PrototypeFunctionC1EPNS_9ExecStateEiRKNS_10IdentifierEPFNS_7JSValueES2_PNS_8JSObjectES6_RKNS_7ArgListEE
+__ZN3JSC17PrototypeFunctionC1EPNS_9ExecStateEPNS_14JSGlobalObjectEN3WTF17NonNullPassRefPtrINS_9StructureEEEiRKNS_10IdentifierEPFNS_7JSValueES2_PNS_8JSObjectESC_RKNS_7ArgListEE
 __ZN3JSC17constructFunctionEPNS_9ExecStateERKNS_7ArgListERKNS_10IdentifierERKNS_7UStringEi
 __ZN3JSC18DebuggerActivationC1EPNS_8JSObjectE
@@ -196 +195 @@
 __ZN3JSC23setUpStaticFunctionSlotEPNS_9ExecStateEPKNS_9HashEntryEPNS_8JSObjectERKNS_10IdentifierERNS_12PropertySlotE
 __ZN3JSC24createStackOverflowErrorEPNS_9ExecStateE
+__ZN3JSC24JSObjectWithGlobalObjectC2EPNS_14JSGlobalObjectEN3WTF17NonNullPassRefPtrINS_9StructureEEE
 __ZN3JSC25evaluateInGlobalCallFrameERKNS_7UStringERNS_7JSValueEPNS_14JSGlobalObjectE
 __ZN3JSC35createInterruptedExecutionExceptionEPNS_12JSGlobalDataE
@@ -241 +241 @@
 __ZN3JSC7JSArrayC2EN3WTF17NonNullPassRefPtrINS_9StructureEEE
 __ZN3JSC7JSArrayD2Ev
+__ZN3JSC7JSValue13isValidCalleeEv
 __ZN3JSC7Profile10restoreAllEv
 __ZN3JSC7Profile5focusEPKNS_11ProfileNodeE

trunk/JavaScriptCore/JavaScriptCore.gypi

@@ -248 +248 @@
             'runtime/JSObject.cpp',
             'runtime/JSObject.h',
+            'runtime/JSObjectWithGlobalObject.cpp',
+            'runtime/JSObjectWithGlobalObject.h',
             'runtime/JSONObject.cpp',
             'runtime/JSONObject.h',

trunk/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj

@@ -851 +851 @@
                         <File
                                 RelativePath="..\..\runtime\JSObject.h"
+                                >
+                        </File>
+                        <File
+                                RelativePath="..\..\runtime\JSObjectWithGlobalObject.cpp"
+                                >
+                        </File>
+                        <File
+                                RelativePath="..\..\runtime\JSObjectWithGlobalObject.h"
                                 >
                         </File>

trunk/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -310 +310 @@
                 A7795590101A74D500114E55 /* MarkStack.h in Headers */ = {isa = PBXBuildFile; fileRef = A779558F101A74D500114E55 /* MarkStack.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 A782F1A50EEC9FA20036273F /* ExecutableAllocatorPosix.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A782F1A40EEC9FA20036273F /* ExecutableAllocatorPosix.cpp */; };
+                A783A0D111A36DCA00563D20 /* JSObjectWithGlobalObject.h in Headers */ = {isa = PBXBuildFile; fileRef = A783A0D011A36DCA00563D20 /* JSObjectWithGlobalObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                A783A2AB11A5BE8400563D20 /* JSObjectWithGlobalObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A783A2AA11A5BE8400563D20 /* JSObjectWithGlobalObject.cpp */; };
                 A791EF280F11E07900AE1F68 /* JSByteArray.h in Headers */ = {isa = PBXBuildFile; fileRef = A791EF260F11E07900AE1F68 /* JSByteArray.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 A791EF290F11E07900AE1F68 /* JSByteArray.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A791EF270F11E07900AE1F68 /* JSByteArray.cpp */; };
@@ -899 +901 @@
                 A779558F101A74D500114E55 /* MarkStack.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MarkStack.h; sourceTree = "<group>"; };
                 A782F1A40EEC9FA20036273F /* ExecutableAllocatorPosix.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ExecutableAllocatorPosix.cpp; sourceTree = "<group>"; };
+                A783A0D011A36DCA00563D20 /* JSObjectWithGlobalObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSObjectWithGlobalObject.h; sourceTree = "<group>"; };
+                A783A2AA11A5BE8400563D20 /* JSObjectWithGlobalObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSObjectWithGlobalObject.cpp; sourceTree = "<group>"; };
                 A791EF260F11E07900AE1F68 /* JSByteArray.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSByteArray.h; sourceTree = "<group>"; };
                 A791EF270F11E07900AE1F68 /* JSByteArray.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSByteArray.cpp; sourceTree = "<group>"; };
@@ -1711 +1715 @@
                                 14035DB010DBFB2A00FFFFE7 /* WeakGCPtr.h */,
                                 1420BE7A10AA6DDB00F455D2 /* WeakRandom.h */,
+                                A783A0D011A36DCA00563D20 /* JSObjectWithGlobalObject.h */,
+                                A783A2AA11A5BE8400563D20 /* JSObjectWithGlobalObject.cpp */,
                         );
                         path = runtime;
@@ -2148 +2154 @@
                                 86C568E111A213EE0007F7F0 /* MacroAssemblerMIPS.h in Headers */,
                                 86C568E211A213EE0007F7F0 /* MIPSAssembler.h in Headers */,
+                                A783A0D111A36DCA00563D20 /* JSObjectWithGlobalObject.h in Headers */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;
@@ -2601 +2608 @@
                                 A71236E51195F33C00BD2174 /* JITOpcodes32_64.cpp in Sources */,
                                 86C568E011A213EE0007F7F0 /* MacroAssemblerARM.cpp in Sources */,
+                                A783A2AB11A5BE8400563D20 /* JSObjectWithGlobalObject.cpp in Sources */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;

trunk/JavaScriptCore/jit/JITStubs.cpp

@@ -2960 +2960 @@
     STUB_INIT_STACK_FRAME(stackFrame);
 
-    return new (stackFrame.globalData) RegExpObject(stackFrame.callFrame->lexicalGlobalObject()->regExpStructure(), stackFrame.args[0].regExp());
+    return new (stackFrame.globalData) RegExpObject(stackFrame.callFrame->lexicalGlobalObject(), stackFrame.callFrame->lexicalGlobalObject()->regExpStructure(), stackFrame.args[0].regExp());
 }
 

trunk/JavaScriptCore/jsc.cpp

@@ -151 +151 @@
     : JSGlobalObject()
 {
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "debug"), functionDebug));
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "print"), functionPrint));
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 0, Identifier(globalExec(), "quit"), functionQuit));
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 0, Identifier(globalExec(), "gc"), functionGC));
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "version"), functionVersion));
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "run"), functionRun));
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "load"), functionLoad));
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "checkSyntax"), functionCheckSyntax));
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 0, Identifier(globalExec(), "readline"), functionReadline));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 1, Identifier(globalExec(), "debug"), functionDebug));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 1, Identifier(globalExec(), "print"), functionPrint));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 0, Identifier(globalExec(), "quit"), functionQuit));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 0, Identifier(globalExec(), "gc"), functionGC));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 1, Identifier(globalExec(), "version"), functionVersion));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 1, Identifier(globalExec(), "run"), functionRun));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 1, Identifier(globalExec(), "load"), functionLoad));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 1, Identifier(globalExec(), "checkSyntax"), functionCheckSyntax));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 0, Identifier(globalExec(), "readline"), functionReadline));
 
 #if ENABLE(SAMPLING_FLAGS)
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "setSamplingFlags"), functionSetSamplingFlags));
-    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "clearSamplingFlags"), functionClearSamplingFlags));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 1, Identifier(globalExec(), "setSamplingFlags"), functionSetSamplingFlags));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), this, prototypeFunctionStructure(), 1, Identifier(globalExec(), "clearSamplingFlags"), functionClearSamplingFlags));
 #endif
 

trunk/JavaScriptCore/runtime/ArrayConstructor.cpp

@@ -38 +38 @@
 static JSValue JSC_HOST_CALL arrayConstructorIsArray(ExecState*, JSObject*, JSValue, const ArgList&);
 
-ArrayConstructor::ArrayConstructor(ExecState* exec, NonNullPassRefPtr<Structure> structure, ArrayPrototype* arrayPrototype, Structure* prototypeFunctionStructure)
-    : InternalFunction(&exec->globalData(), structure, Identifier(exec, arrayPrototype->classInfo()->className))
+ArrayConstructor::ArrayConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, ArrayPrototype* arrayPrototype, Structure* prototypeFunctionStructure)
+    : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, arrayPrototype->classInfo()->className))
 {
     // ECMA 15.4.3.1 Array.prototype
@@ -48 +48 @@
 
     // ES5
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().isArray, arrayConstructorIsArray), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().isArray, arrayConstructorIsArray), DontEnum);
 }
 

trunk/JavaScriptCore/runtime/ArrayConstructor.h

@@ -30 +30 @@
     class ArrayConstructor : public InternalFunction {
     public:
-        ArrayConstructor(ExecState*, NonNullPassRefPtr<Structure>, ArrayPrototype*, Structure*);
+        ArrayConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, ArrayPrototype*, Structure*);
 
         virtual ConstructType getConstructData(ConstructData&);

trunk/JavaScriptCore/runtime/ArrayPrototype.cpp

@@ -117 +117 @@
 
 // ECMA 15.4.4
-ArrayPrototype::ArrayPrototype(NonNullPassRefPtr<Structure> structure)
+ArrayPrototype::ArrayPrototype(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
     : JSArray(structure)
 {
+    putAnonymousValue(0, globalObject);
 }
 

trunk/JavaScriptCore/runtime/ArrayPrototype.h

@@ -29 +29 @@
     class ArrayPrototype : public JSArray {
     public:
-        explicit ArrayPrototype(NonNullPassRefPtr<Structure>);
+        explicit ArrayPrototype(JSGlobalObject*, NonNullPassRefPtr<Structure>);
 
         bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
@@ -36 +36 @@
         virtual const ClassInfo* classInfo() const { return &info; }
         static const ClassInfo info;
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount);
+        }
+
+    protected:
+        static const unsigned AnonymousSlotCount = JSArray::AnonymousSlotCount + 1;
     };
 

trunk/JavaScriptCore/runtime/BooleanConstructor.cpp

@@ -29 +29 @@
 ASSERT_CLASS_FITS_IN_CELL(BooleanConstructor);
 
-BooleanConstructor::BooleanConstructor(ExecState* exec, NonNullPassRefPtr<Structure> structure, BooleanPrototype* booleanPrototype)
-    : InternalFunction(&exec->globalData(), structure, Identifier(exec, booleanPrototype->classInfo()->className))
+BooleanConstructor::BooleanConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, BooleanPrototype* booleanPrototype)
+    : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, booleanPrototype->classInfo()->className))
 {
     putDirectWithoutTransition(exec->propertyNames().prototype, booleanPrototype, DontEnum | DontDelete | ReadOnly);

trunk/JavaScriptCore/runtime/BooleanConstructor.h

@@ -30 +30 @@
     class BooleanConstructor : public InternalFunction {
     public:
-        BooleanConstructor(ExecState*, NonNullPassRefPtr<Structure>, BooleanPrototype*);
+        BooleanConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, BooleanPrototype*);
 
     private:

trunk/JavaScriptCore/runtime/BooleanPrototype.cpp

@@ -38 +38 @@
 // ECMA 15.6.4
 
-BooleanPrototype::BooleanPrototype(ExecState* exec, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
+BooleanPrototype::BooleanPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
     : BooleanObject(structure)
 {
     setInternalValue(jsBoolean(false));
 
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, booleanProtoFuncToString), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().valueOf, booleanProtoFuncValueOf), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().toString, booleanProtoFuncToString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().valueOf, booleanProtoFuncValueOf), DontEnum);
 }
 

trunk/JavaScriptCore/runtime/BooleanPrototype.h

@@ -28 +28 @@
     class BooleanPrototype : public BooleanObject {
     public:
-        BooleanPrototype(ExecState*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure);
+        BooleanPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure);
     };
 

trunk/JavaScriptCore/runtime/DateConstructor.cpp

@@ -59 +59 @@
 static JSValue JSC_HOST_CALL dateUTC(ExecState*, JSObject*, JSValue, const ArgList&);
 
-DateConstructor::DateConstructor(ExecState* exec, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure, DatePrototype* datePrototype)
-    : InternalFunction(&exec->globalData(), structure, Identifier(exec, datePrototype->classInfo()->className))
+DateConstructor::DateConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure, DatePrototype* datePrototype)
+    : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, datePrototype->classInfo()->className))
 {
       putDirectWithoutTransition(exec->propertyNames().prototype, datePrototype, DontEnum|DontDelete|ReadOnly);
 
-      putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().parse, dateParse), DontEnum);
-      putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 7, exec->propertyNames().UTC, dateUTC), DontEnum);
-      putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().now, dateNow), DontEnum);
+      putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().parse, dateParse), DontEnum);
+      putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 7, exec->propertyNames().UTC, dateUTC), DontEnum);
+      putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().now, dateNow), DontEnum);
 
       putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 7), ReadOnly | DontEnum | DontDelete);

trunk/JavaScriptCore/runtime/DateConstructor.h

@@ -30 +30 @@
     class DateConstructor : public InternalFunction {
     public:
-        DateConstructor(ExecState*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure, DatePrototype*);
+        DateConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure, DatePrototype*);
 
     private:

trunk/JavaScriptCore/runtime/DatePrototype.cpp

@@ -419 +419 @@
 // ECMA 15.9.4
 
-DatePrototype::DatePrototype(ExecState* exec, NonNullPassRefPtr<Structure> structure)
+DatePrototype::DatePrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
     : DateInstance(exec, structure)
 {
     // The constructor will be added later, after DateConstructor has been built.
+    putAnonymousValue(0, globalObject);
 }
 

trunk/JavaScriptCore/runtime/DatePrototype.h

@@ -30 +30 @@
     class DatePrototype : public DateInstance {
     public:
-        DatePrototype(ExecState*, NonNullPassRefPtr<Structure>);
+        DatePrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>);
 
         virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);

trunk/JavaScriptCore/runtime/ErrorConstructor.cpp

@@ -30 +30 @@
 ASSERT_CLASS_FITS_IN_CELL(ErrorConstructor);
 
-ErrorConstructor::ErrorConstructor(ExecState* exec, NonNullPassRefPtr<Structure> structure, ErrorPrototype* errorPrototype)
-    : InternalFunction(&exec->globalData(), structure, Identifier(exec, errorPrototype->classInfo()->className))
+ErrorConstructor::ErrorConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, ErrorPrototype* errorPrototype)
+    : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, errorPrototype->classInfo()->className))
 {
     // ECMA 15.11.3.1 Error.prototype

trunk/JavaScriptCore/runtime/ErrorConstructor.h

@@ -31 +31 @@
     class ErrorConstructor : public InternalFunction {
     public:
-        ErrorConstructor(ExecState*, NonNullPassRefPtr<Structure>, ErrorPrototype*);
+        ErrorConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, ErrorPrototype*);
 
     private:

trunk/JavaScriptCore/runtime/ErrorPrototype.cpp

@@ -36 +36 @@
 
 // ECMA 15.9.4
-ErrorPrototype::ErrorPrototype(ExecState* exec, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
+ErrorPrototype::ErrorPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
     : ErrorInstance(structure)
 {
@@ -44 +44 @@
     putDirectWithoutTransition(exec->propertyNames().message, jsNontrivialString(exec, "Unknown error"), DontEnum);
 
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, errorProtoFuncToString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().toString, errorProtoFuncToString), DontEnum);
 }
 

trunk/JavaScriptCore/runtime/ErrorPrototype.h

@@ -30 +30 @@
     class ErrorPrototype : public ErrorInstance {
     public:
-        ErrorPrototype(ExecState*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure);
+        ErrorPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure);
     };
 

trunk/JavaScriptCore/runtime/FunctionConstructor.cpp

@@ -36 +36 @@
 ASSERT_CLASS_FITS_IN_CELL(FunctionConstructor);
 
-FunctionConstructor::FunctionConstructor(ExecState* exec, NonNullPassRefPtr<Structure> structure, FunctionPrototype* functionPrototype)
-    : InternalFunction(&exec->globalData(), structure, Identifier(exec, functionPrototype->classInfo()->className))
+FunctionConstructor::FunctionConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, FunctionPrototype* functionPrototype)
+    : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, functionPrototype->classInfo()->className))
 {
     putDirectWithoutTransition(exec->propertyNames().prototype, functionPrototype, DontEnum | DontDelete | ReadOnly);

trunk/JavaScriptCore/runtime/FunctionConstructor.h

@@ -30 +30 @@
     class FunctionConstructor : public InternalFunction {
     public:
-        FunctionConstructor(ExecState*, NonNullPassRefPtr<Structure>, FunctionPrototype*);
+        FunctionConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, FunctionPrototype*);
 
     private:

trunk/JavaScriptCore/runtime/FunctionPrototype.cpp

@@ -39 +39 @@
 static JSValue JSC_HOST_CALL functionProtoFuncCall(ExecState*, JSObject*, JSValue, const ArgList&);
 
-FunctionPrototype::FunctionPrototype(ExecState* exec, NonNullPassRefPtr<Structure> structure)
-    : InternalFunction(&exec->globalData(), structure, exec->propertyNames().nullIdentifier)
+FunctionPrototype::FunctionPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
+    : InternalFunction(&exec->globalData(), globalObject, structure, exec->propertyNames().nullIdentifier)
 {
     putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 0), DontDelete | ReadOnly | DontEnum);
 }
 
-void FunctionPrototype::addFunctionProperties(ExecState* exec, Structure* prototypeFunctionStructure, NativeFunctionWrapper** callFunction, NativeFunctionWrapper** applyFunction)
+void FunctionPrototype::addFunctionProperties(ExecState* exec, JSGlobalObject* globalObject, Structure* prototypeFunctionStructure, NativeFunctionWrapper** callFunction, NativeFunctionWrapper** applyFunction)
 {
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, functionProtoFuncToString), DontEnum);
-    *applyFunction = new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().apply, functionProtoFuncApply);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().toString, functionProtoFuncToString), DontEnum);
+    *applyFunction = new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 2, exec->propertyNames().apply, functionProtoFuncApply);
     putDirectFunctionWithoutTransition(exec, *applyFunction, DontEnum);
-    *callFunction = new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().call, functionProtoFuncCall);
+    *callFunction = new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().call, functionProtoFuncCall);
     putDirectFunctionWithoutTransition(exec, *callFunction, DontEnum);
 }

trunk/JavaScriptCore/runtime/FunctionPrototype.h

@@ -30 +30 @@
     class FunctionPrototype : public InternalFunction {
     public:
-        FunctionPrototype(ExecState*, NonNullPassRefPtr<Structure>);
-        void addFunctionProperties(ExecState*, Structure* prototypeFunctionStructure, NativeFunctionWrapper** callFunction, NativeFunctionWrapper** applyFunction);
+        FunctionPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>);
+        void addFunctionProperties(ExecState*, JSGlobalObject*, Structure* prototypeFunctionStructure, NativeFunctionWrapper** callFunction, NativeFunctionWrapper** applyFunction);
 
         static PassRefPtr<Structure> createStructure(JSValue proto)

trunk/JavaScriptCore/runtime/GlobalEvalFunction.cpp

@@ -33 +33 @@
 ASSERT_CLASS_FITS_IN_CELL(GlobalEvalFunction);
 
-GlobalEvalFunction::GlobalEvalFunction(ExecState* exec, NonNullPassRefPtr<Structure> structure, int len, const Identifier& name, NativeFunction function, JSGlobalObject* cachedGlobalObject)
-    : PrototypeFunction(exec, structure, len, name, function)
+GlobalEvalFunction::GlobalEvalFunction(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, int len, const Identifier& name, NativeFunction function, JSGlobalObject* cachedGlobalObject)
+    : PrototypeFunction(exec, globalObject, structure, len, name, function)
     , m_cachedGlobalObject(cachedGlobalObject)
 {

trunk/JavaScriptCore/runtime/GlobalEvalFunction.h

@@ -33 +33 @@
     class GlobalEvalFunction : public PrototypeFunction {
     public:
-        GlobalEvalFunction(ExecState*, NonNullPassRefPtr<Structure>, int len, const Identifier&, NativeFunction, JSGlobalObject* expectedThisObject);
+        GlobalEvalFunction(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, int len, const Identifier&, NativeFunction, JSGlobalObject* expectedThisObject);
         JSGlobalObject* cachedGlobalObject() const { return m_cachedGlobalObject; }
 

trunk/JavaScriptCore/runtime/InternalFunction.cpp

@@ -25 +25 @@
 
 #include "FunctionPrototype.h"
+#include "JSGlobalObject.h"
 #include "JSString.h"
 
@@ -38 +39 @@
 }
 
-InternalFunction::InternalFunction(JSGlobalData* globalData, NonNullPassRefPtr<Structure> structure, const Identifier& name)
-    : JSObject(structure)
+InternalFunction::InternalFunction(NonNullPassRefPtr<Structure> structure)
+    : JSObjectWithGlobalObject(structure)
+{
+}
+
+InternalFunction::InternalFunction(JSGlobalData* globalData, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, const Identifier& name)
+    : JSObjectWithGlobalObject(globalObject, structure)
 {
     putDirect(globalData->propertyNames->name, jsString(globalData, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);

trunk/JavaScriptCore/runtime/InternalFunction.h

@@ -25 +25 @@
 #define InternalFunction_h
 
-#include "JSObject.h"
+#include "JSObjectWithGlobalObject.h"
 #include "Identifier.h"
 
@@ -32 +32 @@
     class FunctionPrototype;
 
-    class InternalFunction : public JSObject {
+    class InternalFunction : public JSObjectWithGlobalObject {
     public:
         virtual const ClassInfo* classInfo() const; 
@@ -49 +49 @@
         static const unsigned StructureFlags = ImplementsHasInstance | JSObject::StructureFlags;
 
-        InternalFunction(NonNullPassRefPtr<Structure> structure) : JSObject(structure) { }
-        InternalFunction(JSGlobalData*, NonNullPassRefPtr<Structure>, const Identifier&);
+        // Only used to allow us to determine the JSFunction vptr
+        InternalFunction(NonNullPassRefPtr<Structure> structure);
+
+        InternalFunction(JSGlobalData*, JSGlobalObject*, NonNullPassRefPtr<Structure>, const Identifier&);
 
     private:

trunk/JavaScriptCore/runtime/JSCell.h

@@ -208 +208 @@
     inline CallType JSValue::getCallData(CallData& callData)
     {
-        return isCell() ? asCell()->getCallData(callData) : CallTypeNone;
+        CallType result = isCell() ? asCell()->getCallData(callData) : CallTypeNone;
+        ASSERT(result == CallTypeNone || isValidCallee());
+        return result;
     }
 
     inline ConstructType JSValue::getConstructData(ConstructData& constructData)
     {
-        return isCell() ? asCell()->getConstructData(constructData) : ConstructTypeNone;
+        ConstructType result = isCell() ? asCell()->getConstructData(constructData) : ConstructTypeNone;
+        ASSERT(result == ConstructTypeNone || isValidCallee());
+        return result;
     }
 

trunk/JavaScriptCore/runtime/JSFunction.cpp

@@ -58 +58 @@
 }
 
-JSFunction::JSFunction(ExecState* exec, NonNullPassRefPtr<Structure> structure, int length, const Identifier& name, PassRefPtr<NativeExecutable> thunk)
-    : Base(structure)
+JSFunction::JSFunction(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, int length, const Identifier& name, PassRefPtr<NativeExecutable> thunk)
+    : Base(globalObject, structure)
 #if ENABLE(JIT)
     , m_executable(thunk)
 #endif
-    , m_scopeChain(NoScopeChain())
+    , m_scopeChain(globalObject->globalScopeChain())
 {
     putDirect(exec->globalData().propertyNames->name, jsString(exec, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);
@@ -75 +75 @@
 }
 
-JSFunction::JSFunction(ExecState* exec, NonNullPassRefPtr<Structure> structure, int length, const Identifier& name, NativeFunction func)
-    : Base(structure)
+JSFunction::JSFunction(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, int length, const Identifier& name, NativeFunction func)
+    : Base(globalObject, structure)
 #if ENABLE(JIT)
     , m_executable(exec->globalData().getHostFunction(func))
 #endif
-    , m_scopeChain(NoScopeChain())
+    , m_scopeChain(globalObject->globalScopeChain())
 {
     putDirect(exec->globalData().propertyNames->name, jsString(exec, name.isNull() ? "" : name.ustring()), DontDelete | ReadOnly | DontEnum);
@@ -93 +93 @@
 
 JSFunction::JSFunction(ExecState* exec, NonNullPassRefPtr<FunctionExecutable> executable, ScopeChainNode* scopeChainNode)
-    : Base(exec->lexicalGlobalObject()->functionStructure())
+    : Base(scopeChainNode->globalObject, scopeChainNode->globalObject->functionStructure())
     , m_executable(executable)
     , m_scopeChain(scopeChainNode)

trunk/JavaScriptCore/runtime/JSFunction.h

@@ -25 +25 @@
 #define JSFunction_h
 
-#include "JSObject.h"
+#include "JSObjectWithGlobalObject.h"
 
 namespace JSC {
@@ -36 +36 @@
     class NativeExecutable;
 
-    class JSFunction : public JSObject {
+    class JSFunction : public JSObjectWithGlobalObject {
         friend class JIT;
         friend class JSGlobalData;
 
-        typedef JSObject Base;
+        typedef JSObjectWithGlobalObject Base;
 
     public:
-        JSFunction(ExecState*, NonNullPassRefPtr<Structure>, int length, const Identifier&, NativeFunction);
-        JSFunction(ExecState*, NonNullPassRefPtr<Structure>, int length, const Identifier&, PassRefPtr<NativeExecutable>);
+        JSFunction(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, int length, const Identifier&, NativeFunction);
+        JSFunction(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, int length, const Identifier&, PassRefPtr<NativeExecutable>);
         JSFunction(ExecState*, NonNullPassRefPtr<FunctionExecutable>, ScopeChainNode*);
         virtual ~JSFunction();

trunk/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -204 +204 @@
     // Prototypes
 
-    d()->functionPrototype = new (exec) FunctionPrototype(exec, FunctionPrototype::createStructure(jsNull())); // The real prototype will be set once ObjectPrototype is created.
+    d()->functionPrototype = new (exec) FunctionPrototype(exec, this, FunctionPrototype::createStructure(jsNull())); // The real prototype will be set once ObjectPrototype is created.
     d()->prototypeFunctionStructure = PrototypeFunction::createStructure(d()->functionPrototype);
     NativeFunctionWrapper* callFunction = 0;
     NativeFunctionWrapper* applyFunction = 0;
-    d()->functionPrototype->addFunctionProperties(exec, d()->prototypeFunctionStructure.get(), &callFunction, &applyFunction);
+    d()->functionPrototype->addFunctionProperties(exec, this, d()->prototypeFunctionStructure.get(), &callFunction, &applyFunction);
     d()->callFunction = callFunction;
     d()->applyFunction = applyFunction;
-    d()->objectPrototype = new (exec) ObjectPrototype(exec, ObjectPrototype::createStructure(jsNull()), d()->prototypeFunctionStructure.get());
+    d()->objectPrototype = new (exec) ObjectPrototype(exec, this, ObjectPrototype::createStructure(jsNull()), d()->prototypeFunctionStructure.get());
     d()->functionPrototype->structure()->setPrototypeWithoutTransition(d()->objectPrototype);
 
@@ -220 +220 @@
     d()->argumentsStructure = Arguments::createStructure(d()->objectPrototype);
     d()->callbackConstructorStructure = JSCallbackConstructor::createStructure(d()->objectPrototype);
-    d()->callbackObjectStructure = JSCallbackObject<JSObject>::createStructure(d()->objectPrototype);
-
-    d()->arrayPrototype = new (exec) ArrayPrototype(ArrayPrototype::createStructure(d()->objectPrototype));
+    d()->callbackObjectStructure = JSCallbackObject<JSObjectWithGlobalObject>::createStructure(d()->objectPrototype);
+
+    d()->arrayPrototype = new (exec) ArrayPrototype(this, ArrayPrototype::createStructure(d()->objectPrototype));
     d()->arrayStructure = JSArray::createStructure(d()->arrayPrototype);
     d()->regExpMatchesArrayStructure = RegExpMatchesArray::createStructure(d()->arrayPrototype);
 
-    d()->stringPrototype = new (exec) StringPrototype(exec, StringPrototype::createStructure(d()->objectPrototype));
+    d()->stringPrototype = new (exec) StringPrototype(exec, this, StringPrototype::createStructure(d()->objectPrototype));
     d()->stringObjectStructure = StringObject::createStructure(d()->stringPrototype);
 
-    d()->booleanPrototype = new (exec) BooleanPrototype(exec, BooleanPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
+    d()->booleanPrototype = new (exec) BooleanPrototype(exec, this, BooleanPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
     d()->booleanObjectStructure = BooleanObject::createStructure(d()->booleanPrototype);
 
-    d()->numberPrototype = new (exec) NumberPrototype(exec, NumberPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
+    d()->numberPrototype = new (exec) NumberPrototype(exec, this, NumberPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
     d()->numberObjectStructure = NumberObject::createStructure(d()->numberPrototype);
 
-    d()->datePrototype = new (exec) DatePrototype(exec, DatePrototype::createStructure(d()->objectPrototype));
+    d()->datePrototype = new (exec) DatePrototype(exec, this, DatePrototype::createStructure(d()->objectPrototype));
     d()->dateStructure = DateInstance::createStructure(d()->datePrototype);
 
-    d()->regExpPrototype = new (exec) RegExpPrototype(exec, RegExpPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
+    d()->regExpPrototype = new (exec) RegExpPrototype(exec, this, RegExpPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
     d()->regExpStructure = RegExpObject::createStructure(d()->regExpPrototype);
 
     d()->methodCallDummy = constructEmptyObject(exec);
 
-    ErrorPrototype* errorPrototype = new (exec) ErrorPrototype(exec, ErrorPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
+    ErrorPrototype* errorPrototype = new (exec) ErrorPrototype(exec, this, ErrorPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
     d()->errorStructure = ErrorInstance::createStructure(errorPrototype);
 
     RefPtr<Structure> nativeErrorPrototypeStructure = NativeErrorPrototype::createStructure(errorPrototype);
 
-    NativeErrorPrototype* evalErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "EvalError", "EvalError");
-    NativeErrorPrototype* rangeErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "RangeError", "RangeError");
-    NativeErrorPrototype* referenceErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "ReferenceError", "ReferenceError");
-    NativeErrorPrototype* syntaxErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "SyntaxError", "SyntaxError");
-    NativeErrorPrototype* typeErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "TypeError", "TypeError");
-    NativeErrorPrototype* URIErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "URIError", "URIError");
+    NativeErrorPrototype* evalErrorPrototype = new (exec) NativeErrorPrototype(exec, this, nativeErrorPrototypeStructure, "EvalError", "EvalError");
+    NativeErrorPrototype* rangeErrorPrototype = new (exec) NativeErrorPrototype(exec, this, nativeErrorPrototypeStructure, "RangeError", "RangeError");
+    NativeErrorPrototype* referenceErrorPrototype = new (exec) NativeErrorPrototype(exec, this, nativeErrorPrototypeStructure, "ReferenceError", "ReferenceError");
+    NativeErrorPrototype* syntaxErrorPrototype = new (exec) NativeErrorPrototype(exec, this, nativeErrorPrototypeStructure, "SyntaxError", "SyntaxError");
+    NativeErrorPrototype* typeErrorPrototype = new (exec) NativeErrorPrototype(exec, this, nativeErrorPrototypeStructure, "TypeError", "TypeError");
+    NativeErrorPrototype* URIErrorPrototype = new (exec) NativeErrorPrototype(exec, this, nativeErrorPrototypeStructure, "URIError", "URIError");
 
     // Constructors
 
-    JSCell* objectConstructor = new (exec) ObjectConstructor(exec, ObjectConstructor::createStructure(d()->functionPrototype), d()->objectPrototype, d()->prototypeFunctionStructure.get());
-    JSCell* functionConstructor = new (exec) FunctionConstructor(exec, FunctionConstructor::createStructure(d()->functionPrototype), d()->functionPrototype);
-    JSCell* arrayConstructor = new (exec) ArrayConstructor(exec, ArrayConstructor::createStructure(d()->functionPrototype), d()->arrayPrototype, d()->prototypeFunctionStructure.get());
-    JSCell* stringConstructor = new (exec) StringConstructor(exec, StringConstructor::createStructure(d()->functionPrototype), d()->prototypeFunctionStructure.get(), d()->stringPrototype);
-    JSCell* booleanConstructor = new (exec) BooleanConstructor(exec, BooleanConstructor::createStructure(d()->functionPrototype), d()->booleanPrototype);
-    JSCell* numberConstructor = new (exec) NumberConstructor(exec, NumberConstructor::createStructure(d()->functionPrototype), d()->numberPrototype);
-    JSCell* dateConstructor = new (exec) DateConstructor(exec, DateConstructor::createStructure(d()->functionPrototype), d()->prototypeFunctionStructure.get(), d()->datePrototype);
-
-    d()->regExpConstructor = new (exec) RegExpConstructor(exec, RegExpConstructor::createStructure(d()->functionPrototype), d()->regExpPrototype);
-
-    d()->errorConstructor = new (exec) ErrorConstructor(exec, ErrorConstructor::createStructure(d()->functionPrototype), errorPrototype);
+    JSCell* objectConstructor = new (exec) ObjectConstructor(exec, this, ObjectConstructor::createStructure(d()->functionPrototype), d()->objectPrototype, d()->prototypeFunctionStructure.get());
+    JSCell* functionConstructor = new (exec) FunctionConstructor(exec, this, FunctionConstructor::createStructure(d()->functionPrototype), d()->functionPrototype);
+    JSCell* arrayConstructor = new (exec) ArrayConstructor(exec, this, ArrayConstructor::createStructure(d()->functionPrototype), d()->arrayPrototype, d()->prototypeFunctionStructure.get());
+    JSCell* stringConstructor = new (exec) StringConstructor(exec, this, StringConstructor::createStructure(d()->functionPrototype), d()->prototypeFunctionStructure.get(), d()->stringPrototype);
+    JSCell* booleanConstructor = new (exec) BooleanConstructor(exec, this, BooleanConstructor::createStructure(d()->functionPrototype), d()->booleanPrototype);
+    JSCell* numberConstructor = new (exec) NumberConstructor(exec, this, NumberConstructor::createStructure(d()->functionPrototype), d()->numberPrototype);
+    JSCell* dateConstructor = new (exec) DateConstructor(exec, this, DateConstructor::createStructure(d()->functionPrototype), d()->prototypeFunctionStructure.get(), d()->datePrototype);
+
+    d()->regExpConstructor = new (exec) RegExpConstructor(exec, this, RegExpConstructor::createStructure(d()->functionPrototype), d()->regExpPrototype);
+
+    d()->errorConstructor = new (exec) ErrorConstructor(exec, this, ErrorConstructor::createStructure(d()->functionPrototype), errorPrototype);
 
     RefPtr<Structure> nativeErrorStructure = NativeErrorConstructor::createStructure(d()->functionPrototype);
 
-    d()->evalErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, evalErrorPrototype);
-    d()->rangeErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, rangeErrorPrototype);
-    d()->referenceErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, referenceErrorPrototype);
-    d()->syntaxErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, syntaxErrorPrototype);
-    d()->typeErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, typeErrorPrototype);
-    d()->URIErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, URIErrorPrototype);
+    d()->evalErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, evalErrorPrototype);
+    d()->rangeErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, rangeErrorPrototype);
+    d()->referenceErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, referenceErrorPrototype);
+    d()->syntaxErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, syntaxErrorPrototype);
+    d()->typeErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, typeErrorPrototype);
+    d()->URIErrorConstructor = new (exec) NativeErrorConstructor(exec, this, nativeErrorStructure, URIErrorPrototype);
 
     d()->objectPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, objectConstructor, DontEnum);
@@ -317 +317 @@
     // Set global values.
     GlobalPropertyInfo staticGlobals[] = {
-        GlobalPropertyInfo(Identifier(exec, "Math"), new (exec) MathObject(exec, MathObject::createStructure(d()->objectPrototype)), DontEnum | DontDelete),
+        GlobalPropertyInfo(Identifier(exec, "Math"), new (exec) MathObject(exec, this, MathObject::createStructure(d()->objectPrototype)), DontEnum | DontDelete),
         GlobalPropertyInfo(Identifier(exec, "NaN"), jsNaN(exec), DontEnum | DontDelete | ReadOnly),
         GlobalPropertyInfo(Identifier(exec, "Infinity"), jsNumber(exec, Inf), DontEnum | DontDelete | ReadOnly),
         GlobalPropertyInfo(Identifier(exec, "undefined"), jsUndefined(), DontEnum | DontDelete | ReadOnly),
-        GlobalPropertyInfo(Identifier(exec, "JSON"), new (exec) JSONObject(JSONObject::createStructure(d()->objectPrototype)), DontEnum | DontDelete)
+        GlobalPropertyInfo(Identifier(exec, "JSON"), new (exec) JSONObject(this, JSONObject::createStructure(d()->objectPrototype)), DontEnum | DontDelete)
     };
 
@@ -328 +328 @@
     // Set global functions.
 
-    d()->evalFunction = new (exec) GlobalEvalFunction(exec, GlobalEvalFunction::createStructure(d()->functionPrototype), 1, exec->propertyNames().eval, globalFuncEval, this);
+    d()->evalFunction = new (exec) GlobalEvalFunction(exec, this, GlobalEvalFunction::createStructure(d()->functionPrototype), 1, exec->propertyNames().eval, globalFuncEval, this);
     putDirectFunctionWithoutTransition(exec, d()->evalFunction, DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 2, Identifier(exec, "parseInt"), globalFuncParseInt), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "parseFloat"), globalFuncParseFloat), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "isNaN"), globalFuncIsNaN), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "isFinite"), globalFuncIsFinite), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "escape"), globalFuncEscape), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "unescape"), globalFuncUnescape), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "decodeURI"), globalFuncDecodeURI), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "decodeURIComponent"), globalFuncDecodeURIComponent), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "encodeURI"), globalFuncEncodeURI), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "encodeURIComponent"), globalFuncEncodeURIComponent), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 2, Identifier(exec, "parseInt"), globalFuncParseInt), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "parseFloat"), globalFuncParseFloat), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "isNaN"), globalFuncIsNaN), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "isFinite"), globalFuncIsFinite), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "escape"), globalFuncEscape), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "unescape"), globalFuncUnescape), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "decodeURI"), globalFuncDecodeURI), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "decodeURIComponent"), globalFuncDecodeURIComponent), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "encodeURI"), globalFuncEncodeURI), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "encodeURIComponent"), globalFuncEncodeURIComponent), DontEnum);
 #ifndef NDEBUG
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "jscprint"), globalFuncJSCPrint), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, this, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "jscprint"), globalFuncJSCPrint), DontEnum);
 #endif
 

trunk/JavaScriptCore/runtime/JSGlobalObject.h

@@ -161 +161 @@
     public:
         void* operator new(size_t, JSGlobalData*);
-
+        
         explicit JSGlobalObject()
             : JSVariableObject(JSGlobalObject::createStructure(jsNull()), new JSGlobalObjectData(destroyJSGlobalObjectData))
         {
+            COMPILE_ASSERT(JSGlobalObject::AnonymousSlotCount == 1, JSGlobalObject_has_only_a_single_slot);
+            putAnonymousValue(0, this);
+            init(this);
+        }
+        
+        explicit JSGlobalObject(NonNullPassRefPtr<Structure> structure)
+            : JSVariableObject(structure, new JSGlobalObjectData(destroyJSGlobalObjectData))
+        {
+            COMPILE_ASSERT(JSGlobalObject::AnonymousSlotCount == 1, JSGlobalObject_has_only_a_single_slot);
+            putAnonymousValue(0, this);
             init(this);
         }
@@ -172 +182 @@
             : JSVariableObject(structure, data)
         {
+            COMPILE_ASSERT(JSGlobalObject::AnonymousSlotCount == 1, JSGlobalObject_has_only_a_single_slot);
+            putAnonymousValue(0, this);
             init(thisValue);
         }
@@ -286 +298 @@
     protected:
 
+        static const unsigned AnonymousSlotCount = JSVariableObject::AnonymousSlotCount + 1;
         static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesMarkChildren | OverridesGetPropertyNames | JSVariableObject::StructureFlags;
 

trunk/JavaScriptCore/runtime/JSONObject.cpp

@@ -31 +31 @@
 #include "ExceptionHelpers.h"
 #include "JSArray.h"
+#include "JSGlobalObject.h"
 #include "LiteralParser.h"
 #include "Lookup.h"
@@ -49 +50 @@
 
 namespace JSC {
+
+JSONObject::JSONObject(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
+    : JSObjectWithGlobalObject(globalObject, structure)
+{
+}
 
 // PropertyNameForFunctionCall objects must be on the stack, since the JSValue that they create is not marked.

trunk/JavaScriptCore/runtime/JSONObject.h

@@ -27 +27 @@
 #define JSONObject_h
 
-#include "JSObject.h"
+#include "JSObjectWithGlobalObject.h"
 
 namespace JSC {
@@ -33 +33 @@
     class Stringifier;
 
-    class JSONObject : public JSObject {
+    class JSONObject : public JSObjectWithGlobalObject {
     public:
-        JSONObject(NonNullPassRefPtr<Structure> structure)
-            : JSObject(structure)
-        {
-        }
+        JSONObject(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure);
 
         static PassRefPtr<Structure> createStructure(JSValue prototype)

trunk/JavaScriptCore/runtime/JSObject.h

@@ -75 +75 @@
         friend class JIT;
         friend class JSCell;
+        friend void setUpStaticFunctionSlot(ExecState* exec, const HashEntry* entry, JSObject* thisObj, const Identifier& propertyName, PropertySlot& slot);
 
     public:
@@ -220 +221 @@
         }
 
+        void putAnonymousValue(unsigned index, JSValue value)
+        {
+            ASSERT(index < m_structure->anonymousSlotCount());
+            *locationForOffset(index) = value;
+        }
+        JSValue getAnonymousValue(unsigned index) const
+        {
+            ASSERT(index < m_structure->anonymousSlotCount());
+            return *locationForOffset(index);
+        }
+        
     protected:
         static const unsigned StructureFlags = 0;
-
-        void putAnonymousValue(unsigned index, JSValue value)
-        {
-            ASSERT(index < m_structure->anonymousSlotCount());
-            *locationForOffset(index) = value;
-        }
-        JSValue getAnonymousValue(unsigned index) const
-        {
-            ASSERT(index < m_structure->anonymousSlotCount());
-            return *locationForOffset(index);
-        }
-
+        
     private:
         // Nobody should ever ask any of these questions on something already known to be a JSObject.

trunk/JavaScriptCore/runtime/JSValue.cpp

@@ -182 +182 @@
 }
 
+bool JSValue::isValidCallee()
+{
+    return asObject(asObject(asCell())->getAnonymousValue(0))->isGlobalObject();
+}
+
 } // namespace JSC

trunk/JavaScriptCore/runtime/JSValue.h

@@ -204 +204 @@
         bool isCell() const;
         JSCell* asCell() const;
+        bool isValidCallee();
 
 #ifndef NDEBUG

trunk/JavaScriptCore/runtime/Lookup.cpp

@@ -72 +72 @@
 void setUpStaticFunctionSlot(ExecState* exec, const HashEntry* entry, JSObject* thisObj, const Identifier& propertyName, PropertySlot& slot)
 {
+    ASSERT(thisObj->structure()->anonymousSlotCount() > 0);
+    ASSERT(thisObj->getAnonymousValue(0).isCell() && asObject(thisObj->getAnonymousValue(0).asCell())->isGlobalObject());
     ASSERT(entry->attributes() & Function);
     JSValue* location = thisObj->getDirectLocation(propertyName);
@@ -77 +79 @@
     if (!location) {
         NativeFunctionWrapper* function;
+        JSGlobalObject* globalObject = asGlobalObject(thisObj->getAnonymousValue(0).asCell());
 #if ENABLE(JIT)
         if (entry->generator())
-            function = new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), entry->functionLength(), propertyName, exec->globalData().getHostFunction(entry->function(), entry->generator()));
+            function = new (exec) NativeFunctionWrapper(exec, globalObject, globalObject->prototypeFunctionStructure(), entry->functionLength(), propertyName, exec->globalData().getHostFunction(entry->function(), entry->generator()));
         else
 #endif
-            function = new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), entry->functionLength(), propertyName, entry->function());
+            function = new (exec) NativeFunctionWrapper(exec, globalObject, globalObject->prototypeFunctionStructure(), entry->functionLength(), propertyName, entry->function());
 
         thisObj->putDirectFunction(propertyName, function, entry->attributes());

trunk/JavaScriptCore/runtime/MathObject.cpp

@@ -87 +87 @@
 */
 
-MathObject::MathObject(ExecState* exec, NonNullPassRefPtr<Structure> structure)
-    : JSObject(structure)
+MathObject::MathObject(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
+    : JSObjectWithGlobalObject(globalObject, structure)
 {
     putDirectWithoutTransition(Identifier(exec, "E"), jsNumber(exec, exp(1.0)), DontDelete | DontEnum | ReadOnly);

trunk/JavaScriptCore/runtime/MathObject.h

@@ -22 +22 @@
 #define MathObject_h
 
-#include "JSObject.h"
+#include "JSObjectWithGlobalObject.h"
 
 namespace JSC {
 
-    class MathObject : public JSObject {
+    class MathObject : public JSObjectWithGlobalObject {
     public:
-        MathObject(ExecState*, NonNullPassRefPtr<Structure>);
+        MathObject(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>);
 
         virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);

trunk/JavaScriptCore/runtime/NativeErrorConstructor.cpp

@@ -33 +33 @@
 const ClassInfo NativeErrorConstructor::info = { "Function", &InternalFunction::info, 0, 0 };
 
-NativeErrorConstructor::NativeErrorConstructor(ExecState* exec, NonNullPassRefPtr<Structure> structure, NativeErrorPrototype* nativeErrorPrototype)
-    : InternalFunction(&exec->globalData(), structure, Identifier(exec, nativeErrorPrototype->getDirect(exec->propertyNames().name).getString(exec)))
+NativeErrorConstructor::NativeErrorConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, NativeErrorPrototype* nativeErrorPrototype)
+    : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, nativeErrorPrototype->getDirect(exec->propertyNames().name).getString(exec)))
     , m_errorStructure(ErrorInstance::createStructure(nativeErrorPrototype))
 {

trunk/JavaScriptCore/runtime/NativeErrorConstructor.h

@@ -32 +32 @@
     class NativeErrorConstructor : public InternalFunction {
     public:
-        NativeErrorConstructor(ExecState*, NonNullPassRefPtr<Structure>, NativeErrorPrototype*);
+        NativeErrorConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, NativeErrorPrototype*);
 
         static const ClassInfo info;

trunk/JavaScriptCore/runtime/NativeErrorPrototype.cpp

@@ -23 +23 @@
 
 #include "ErrorPrototype.h"
+#include "JSGlobalObject.h"
 #include "JSString.h"
 #include "UString.h"
@@ -30 +31 @@
 ASSERT_CLASS_FITS_IN_CELL(NativeErrorPrototype);
 
-NativeErrorPrototype::NativeErrorPrototype(ExecState* exec, NonNullPassRefPtr<Structure> structure, const UString& name, const UString& message)
-    : JSObject(structure)
+NativeErrorPrototype::NativeErrorPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, const UString& name, const UString& message)
+    : JSObjectWithGlobalObject(globalObject, structure)
 {
     putDirect(exec->propertyNames().name, jsString(exec, name), 0);

trunk/JavaScriptCore/runtime/NativeErrorPrototype.h

@@ -22 +22 @@
 #define NativeErrorPrototype_h
 
-#include "JSObject.h"
+#include "JSObjectWithGlobalObject.h"
 
 namespace JSC {
 
-    class NativeErrorPrototype : public JSObject {
+    class NativeErrorPrototype : public JSObjectWithGlobalObject {
     public:
-        NativeErrorPrototype(ExecState*, NonNullPassRefPtr<Structure>, const UString& name, const UString& message);
+        NativeErrorPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, const UString& name, const UString& message);
     };
 

trunk/JavaScriptCore/runtime/NumberConstructor.cpp

@@ -55 +55 @@
 */
 
-NumberConstructor::NumberConstructor(ExecState* exec, NonNullPassRefPtr<Structure> structure, NumberPrototype* numberPrototype)
-    : InternalFunction(&exec->globalData(), structure, Identifier(exec, numberPrototype->info.className))
+NumberConstructor::NumberConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, NumberPrototype* numberPrototype)
+    : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, numberPrototype->info.className))
 {
     // Number.Prototype

trunk/JavaScriptCore/runtime/NumberConstructor.h

@@ -30 +30 @@
     class NumberConstructor : public InternalFunction {
     public:
-        NumberConstructor(ExecState*, NonNullPassRefPtr<Structure>, NumberPrototype*);
+        NumberConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, NumberPrototype*);
 
         virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);

trunk/JavaScriptCore/runtime/NumberPrototype.cpp

@@ -48 +48 @@
 // ECMA 15.7.4
 
-NumberPrototype::NumberPrototype(ExecState* exec, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
+NumberPrototype::NumberPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
     : NumberObject(structure)
 {
@@ -55 +55 @@
     // The constructor will be added later, after NumberConstructor has been constructed
 
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().toString, numberProtoFuncToString), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toLocaleString, numberProtoFuncToLocaleString), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().valueOf, numberProtoFuncValueOf), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().toFixed, numberProtoFuncToFixed), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().toExponential, numberProtoFuncToExponential), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().toPrecision, numberProtoFuncToPrecision), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().toString, numberProtoFuncToString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().toLocaleString, numberProtoFuncToLocaleString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().valueOf, numberProtoFuncValueOf), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().toFixed, numberProtoFuncToFixed), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().toExponential, numberProtoFuncToExponential), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().toPrecision, numberProtoFuncToPrecision), DontEnum);
 }
 

trunk/JavaScriptCore/runtime/NumberPrototype.h

@@ -28 +28 @@
     class NumberPrototype : public NumberObject {
     public:
-        NumberPrototype(ExecState*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure);
+        NumberPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure);
     };
 

trunk/JavaScriptCore/runtime/ObjectConstructor.cpp

@@ -43 +43 @@
 static JSValue JSC_HOST_CALL objectConstructorCreate(ExecState*, JSObject*, JSValue, const ArgList&);
 
-ObjectConstructor::ObjectConstructor(ExecState* exec, NonNullPassRefPtr<Structure> structure, ObjectPrototype* objectPrototype, Structure* prototypeFunctionStructure)
-: InternalFunction(&exec->globalData(), structure, Identifier(exec, "Object"))
+ObjectConstructor::ObjectConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, ObjectPrototype* objectPrototype, Structure* prototypeFunctionStructure)
+: InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, "Object"))
 {
     // ECMA 15.2.3.1
@@ -52 +52 @@
     putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly | DontEnum | DontDelete);
     
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().getPrototypeOf, objectConstructorGetPrototypeOf), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().getOwnPropertyDescriptor, objectConstructorGetOwnPropertyDescriptor), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().getOwnPropertyNames, objectConstructorGetOwnPropertyNames), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().keys, objectConstructorKeys), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 3, exec->propertyNames().defineProperty, objectConstructorDefineProperty), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().defineProperties, objectConstructorDefineProperties), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().create, objectConstructorCreate), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().getPrototypeOf, objectConstructorGetPrototypeOf), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 2, exec->propertyNames().getOwnPropertyDescriptor, objectConstructorGetOwnPropertyDescriptor), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().getOwnPropertyNames, objectConstructorGetOwnPropertyNames), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().keys, objectConstructorKeys), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 3, exec->propertyNames().defineProperty, objectConstructorDefineProperty), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 2, exec->propertyNames().defineProperties, objectConstructorDefineProperties), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 2, exec->propertyNames().create, objectConstructorCreate), DontEnum);
 }
 

trunk/JavaScriptCore/runtime/ObjectConstructor.h

@@ -30 +30 @@
     class ObjectConstructor : public InternalFunction {
     public:
-        ObjectConstructor(ExecState*, NonNullPassRefPtr<Structure>, ObjectPrototype*, Structure* prototypeFunctionStructure);
+        ObjectConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, ObjectPrototype*, Structure* prototypeFunctionStructure);
 
     private:

trunk/JavaScriptCore/runtime/ObjectPrototype.cpp

@@ -42 +42 @@
 static JSValue JSC_HOST_CALL objectProtoFuncToLocaleString(ExecState*, JSObject*, JSValue, const ArgList&);
 
-ObjectPrototype::ObjectPrototype(ExecState* exec, NonNullPassRefPtr<Structure> stucture, Structure* prototypeFunctionStructure)
+ObjectPrototype::ObjectPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> stucture, Structure* prototypeFunctionStructure)
     : JSObject(stucture)
     , m_hasNoPropertiesWithUInt32Names(true)
 {
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, objectProtoFuncToString), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toLocaleString, objectProtoFuncToLocaleString), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().valueOf, objectProtoFuncValueOf), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().hasOwnProperty, objectProtoFuncHasOwnProperty), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().propertyIsEnumerable, objectProtoFuncPropertyIsEnumerable), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().isPrototypeOf, objectProtoFuncIsPrototypeOf), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().toString, objectProtoFuncToString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().toLocaleString, objectProtoFuncToLocaleString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().valueOf, objectProtoFuncValueOf), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().hasOwnProperty, objectProtoFuncHasOwnProperty), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().propertyIsEnumerable, objectProtoFuncPropertyIsEnumerable), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().isPrototypeOf, objectProtoFuncIsPrototypeOf), DontEnum);
 
     // Mozilla extensions
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().__defineGetter__, objectProtoFuncDefineGetter), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().__defineSetter__, objectProtoFuncDefineSetter), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().__lookupGetter__, objectProtoFuncLookupGetter), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().__lookupSetter__, objectProtoFuncLookupSetter), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 2, exec->propertyNames().__defineGetter__, objectProtoFuncDefineGetter), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 2, exec->propertyNames().__defineSetter__, objectProtoFuncDefineSetter), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().__lookupGetter__, objectProtoFuncLookupGetter), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().__lookupSetter__, objectProtoFuncLookupSetter), DontEnum);
 }
 

trunk/JavaScriptCore/runtime/ObjectPrototype.h

@@ -28 +28 @@
     class ObjectPrototype : public JSObject {
     public:
-        ObjectPrototype(ExecState*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure);
+        ObjectPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure);
 
     private:

trunk/JavaScriptCore/runtime/PrototypeFunction.cpp

@@ -33 +33 @@
 ASSERT_CLASS_FITS_IN_CELL(PrototypeFunction);
 
-PrototypeFunction::PrototypeFunction(ExecState* exec, int length, const Identifier& name, NativeFunction function)
-    : InternalFunction(&exec->globalData(), exec->lexicalGlobalObject()->prototypeFunctionStructure(), name)
+PrototypeFunction::PrototypeFunction(ExecState* exec, JSGlobalObject* globalObject, int length, const Identifier& name, NativeFunction function)
+    : InternalFunction(&exec->globalData(), globalObject, exec->lexicalGlobalObject()->prototypeFunctionStructure(), name)
     , m_function(function)
 {
@@ -41 +41 @@
 }
 
-PrototypeFunction::PrototypeFunction(ExecState* exec, NonNullPassRefPtr<Structure> prototypeFunctionStructure, int length, const Identifier& name, NativeFunction function)
-    : InternalFunction(&exec->globalData(), prototypeFunctionStructure, name)
+PrototypeFunction::PrototypeFunction(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> prototypeFunctionStructure, int length, const Identifier& name, NativeFunction function)
+    : InternalFunction(&exec->globalData(), globalObject, prototypeFunctionStructure, name)
     , m_function(function)
 {

trunk/JavaScriptCore/runtime/PrototypeFunction.h

@@ -32 +32 @@
     class PrototypeFunction : public InternalFunction {
     public:
-        PrototypeFunction(ExecState*, int length, const Identifier&, NativeFunction);
-        PrototypeFunction(ExecState*, NonNullPassRefPtr<Structure>, int length, const Identifier&, NativeFunction);
+        PrototypeFunction(ExecState*, JSGlobalObject*, int length, const Identifier&, NativeFunction);
+        PrototypeFunction(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, int length, const Identifier&, NativeFunction);
 
     private:

trunk/JavaScriptCore/runtime/RegExpConstructor.cpp

@@ -92 +92 @@
 */
 
-RegExpConstructor::RegExpConstructor(ExecState* exec, NonNullPassRefPtr<Structure> structure, RegExpPrototype* regExpPrototype)
-    : InternalFunction(&exec->globalData(), structure, Identifier(exec, "RegExp"))
+RegExpConstructor::RegExpConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, RegExpPrototype* regExpPrototype)
+    : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, "RegExp"))
     , d(new RegExpConstructorPrivate)
 {
@@ -305 +305 @@
     if (!regExp->isValid())
         return throwError(exec, SyntaxError, makeString("Invalid regular expression: ", regExp->errorMessage()));
-    return new (exec) RegExpObject(exec->lexicalGlobalObject()->regExpStructure(), regExp.release());
+    return new (exec) RegExpObject(exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->regExpStructure(), regExp.release());
 }
 

trunk/JavaScriptCore/runtime/RegExpConstructor.h

@@ -56 +56 @@
     class RegExpConstructor : public InternalFunction {
     public:
-        RegExpConstructor(ExecState*, NonNullPassRefPtr<Structure>, RegExpPrototype*);
+        RegExpConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, RegExpPrototype*);
 
         static PassRefPtr<Structure> createStructure(JSValue prototype)

trunk/JavaScriptCore/runtime/RegExpObject.cpp

@@ -59 +59 @@
 */
 
-RegExpObject::RegExpObject(NonNullPassRefPtr<Structure> structure, NonNullPassRefPtr<RegExp> regExp)
-    : JSObject(structure)
+RegExpObject::RegExpObject(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, NonNullPassRefPtr<RegExp> regExp)
+    : JSObjectWithGlobalObject(globalObject, structure)
     , d(new RegExpObjectData(regExp, 0))
 {

trunk/JavaScriptCore/runtime/RegExpObject.h

@@ -22 +22 @@
 #define RegExpObject_h
 
-#include "JSObject.h"
+#include "JSObjectWithGlobalObject.h"
 #include "RegExp.h"
 
 namespace JSC {
 
-    class RegExpObject : public JSObject {
+    class RegExpObject : public JSObjectWithGlobalObject {
     public:
-        RegExpObject(NonNullPassRefPtr<Structure>, NonNullPassRefPtr<RegExp>);
+        RegExpObject(JSGlobalObject* globalObject, NonNullPassRefPtr<Structure>, NonNullPassRefPtr<RegExp>);
         virtual ~RegExpObject();
 
@@ -54 +54 @@
 
     protected:
-        static const unsigned StructureFlags = OverridesGetOwnPropertySlot | JSObject::StructureFlags;
-
+        static const unsigned StructureFlags = OverridesGetOwnPropertySlot | JSObjectWithGlobalObject::StructureFlags;
+        
     private:
         bool match(ExecState*, const ArgList&);

trunk/JavaScriptCore/runtime/RegExpPrototype.cpp

@@ -48 +48 @@
 const ClassInfo RegExpPrototype::info = { "RegExpPrototype", 0, 0, 0 };
 
-RegExpPrototype::RegExpPrototype(ExecState* exec, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
+RegExpPrototype::RegExpPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
     : JSObject(structure)
 {
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().compile, regExpProtoFuncCompile), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().exec, regExpProtoFuncExec), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().test, regExpProtoFuncTest), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, regExpProtoFuncToString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().compile, regExpProtoFuncCompile), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().exec, regExpProtoFuncExec), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().test, regExpProtoFuncTest), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 0, exec->propertyNames().toString, regExpProtoFuncToString), DontEnum);
 }
 

trunk/JavaScriptCore/runtime/RegExpPrototype.h

@@ -28 +28 @@
     class RegExpPrototype : public JSObject {
     public:
-        RegExpPrototype(ExecState*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure);
+        RegExpPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure);
 
         virtual const ClassInfo* classInfo() const { return &info; }

trunk/JavaScriptCore/runtime/StringConstructor.cpp

@@ -50 +50 @@
 ASSERT_CLASS_FITS_IN_CELL(StringConstructor);
 
-StringConstructor::StringConstructor(ExecState* exec, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure, StringPrototype* stringPrototype)
-    : InternalFunction(&exec->globalData(), structure, Identifier(exec, stringPrototype->classInfo()->className))
+StringConstructor::StringConstructor(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure, StringPrototype* stringPrototype)
+    : InternalFunction(&exec->globalData(), globalObject, structure, Identifier(exec, stringPrototype->classInfo()->className))
 {
     // ECMA 15.5.3.1 String.prototype
@@ -58 +58 @@
     // ECMA 15.5.3.2 fromCharCode()
 #if ENABLE(JIT)
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().fromCharCode, exec->globalData().getHostFunction(stringFromCharCode, fromCharCodeThunkGenerator)), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().fromCharCode, exec->globalData().getHostFunction(stringFromCharCode, fromCharCodeThunkGenerator)), DontEnum);
 #else
-    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().fromCharCode, stringFromCharCode), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, globalObject, prototypeFunctionStructure, 1, exec->propertyNames().fromCharCode, stringFromCharCode), DontEnum);
 #endif
     // no. of arguments for constructor

trunk/JavaScriptCore/runtime/StringConstructor.h

@@ -30 +30 @@
     class StringConstructor : public InternalFunction {
     public:
-        StringConstructor(ExecState*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure, StringPrototype*);
+        StringConstructor(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, Structure* prototypeFunctionStructure, StringPrototype*);
 
         virtual ConstructType getConstructData(ConstructData&);

trunk/JavaScriptCore/runtime/StringPrototype.cpp

@@ -133 +133 @@
 
 // ECMA 15.5.4
-StringPrototype::StringPrototype(ExecState* exec, NonNullPassRefPtr<Structure> structure)
+StringPrototype::StringPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure)
     : StringObject(exec, structure)
 {
+    putAnonymousValue(0, globalObject);
     // The constructor will be added later, after StringConstructor has been built
     putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 0), DontDelete | ReadOnly | DontEnum);

trunk/JavaScriptCore/runtime/StringPrototype.h

@@ -30 +30 @@
     class StringPrototype : public StringObject {
     public:
-        StringPrototype(ExecState*, NonNullPassRefPtr<Structure>);
+        StringPrototype(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>);
 
         virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2010-05-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        All callable objects should have a global object reference
+        https://bugs.webkit.org/show_bug.cgi?id=39495
+
+        Update expected results as we now give all function objects
+        get their prototypes from the correct global object.
+
+        * fast/dom/prototype-inheritance-expected.txt:
+
 2010-05-21  Victor Wang  <victorw@chromium.org>
 

trunk/LayoutTests/fast/dom/prototype-inheritance-expected.txt

@@ -606 +606 @@
 PASS inner.XSLTProcessor.isInner is true
 PASS inner.XSLTProcessor.constructor.isInner is true
-FAIL inner.addEventListener.isInner should be true. Was false.
-FAIL inner.addEventListener.constructor.isInner should be true. Was false.
-FAIL inner.alert.isInner should be true. Was false.
-FAIL inner.alert.constructor.isInner should be true. Was false.
+PASS inner.addEventListener.isInner is true
+PASS inner.addEventListener.constructor.isInner is true
+PASS inner.alert.isInner is true
+PASS inner.alert.constructor.isInner is true
 PASS inner.applicationCache.isInner is true
 PASS inner.applicationCache.constructor.isInner is true
-FAIL inner.atob.isInner should be true. Was false.
-FAIL inner.atob.constructor.isInner should be true. Was false.
-FAIL inner.blur.isInner should be true. Was false.
-FAIL inner.blur.constructor.isInner should be true. Was false.
-FAIL inner.btoa.isInner should be true. Was false.
-FAIL inner.btoa.constructor.isInner should be true. Was false.
-FAIL inner.captureEvents.isInner should be true. Was false.
-FAIL inner.captureEvents.constructor.isInner should be true. Was false.
-FAIL inner.clearInterval.isInner should be true. Was false.
-FAIL inner.clearInterval.constructor.isInner should be true. Was false.
-FAIL inner.clearTimeout.isInner should be true. Was false.
-FAIL inner.clearTimeout.constructor.isInner should be true. Was false.
+PASS inner.atob.isInner is true
+PASS inner.atob.constructor.isInner is true
+PASS inner.blur.isInner is true
+PASS inner.blur.constructor.isInner is true
+PASS inner.btoa.isInner is true
+PASS inner.btoa.constructor.isInner is true
+PASS inner.captureEvents.isInner is true
+PASS inner.captureEvents.constructor.isInner is true
+PASS inner.clearInterval.isInner is true
+PASS inner.clearInterval.constructor.isInner is true
+PASS inner.clearTimeout.isInner is true
+PASS inner.clearTimeout.constructor.isInner is true
 PASS inner.clientInformation.isInner is true
 PASS inner.clientInformation.constructor.isInner is true
-FAIL inner.close.isInner should be true. Was false.
-FAIL inner.close.constructor.isInner should be true. Was false.
+PASS inner.close.isInner is true
+PASS inner.close.constructor.isInner is true
 FAIL inner.closed.isInner should be true. Was false.
 FAIL inner.closed.constructor.isInner should be true. Was false.
-FAIL inner.confirm.isInner should be true. Was false.
-FAIL inner.confirm.constructor.isInner should be true. Was false.
+PASS inner.confirm.isInner is true
+PASS inner.confirm.constructor.isInner is true
 PASS inner.console.isInner is true
 PASS inner.console.constructor.isInner is true
@@ -640 +640 @@
 FAIL inner.devicePixelRatio.isInner should be true. Was false.
 FAIL inner.devicePixelRatio.constructor.isInner should be true. Was false.
-FAIL inner.dispatchEvent.isInner should be true. Was false.
-FAIL inner.dispatchEvent.constructor.isInner should be true. Was false.
+PASS inner.dispatchEvent.isInner is true
+PASS inner.dispatchEvent.constructor.isInner is true
 PASS inner.document.isInner is true
 PASS inner.document.constructor.isInner is true
-FAIL inner.find.isInner should be true. Was false.
-FAIL inner.find.constructor.isInner should be true. Was false.
-FAIL inner.focus.isInner should be true. Was false.
-FAIL inner.focus.constructor.isInner should be true. Was false.
+PASS inner.find.isInner is true
+PASS inner.find.constructor.isInner is true
+PASS inner.focus.isInner is true
+PASS inner.focus.constructor.isInner is true
 FAIL inner.frameElement.isInner should be true. Was false.
 FAIL inner.frameElement.constructor.isInner should be true. Was false.
 PASS inner.frames.isInner is true
 PASS inner.frames.constructor.isInner is true
-FAIL inner.getComputedStyle.isInner should be true. Was false.
-FAIL inner.getComputedStyle.constructor.isInner should be true. Was false.
-FAIL inner.getMatchedCSSRules.isInner should be true. Was false.
-FAIL inner.getMatchedCSSRules.constructor.isInner should be true. Was false.
-FAIL inner.getSelection.isInner should be true. Was false.
-FAIL inner.getSelection.constructor.isInner should be true. Was false.
+PASS inner.getComputedStyle.isInner is true
+PASS inner.getComputedStyle.constructor.isInner is true
+PASS inner.getMatchedCSSRules.isInner is true
+PASS inner.getMatchedCSSRules.constructor.isInner is true
+PASS inner.getSelection.isInner is true
+PASS inner.getSelection.constructor.isInner is true
 PASS inner.history.isInner is true
 PASS inner.history.constructor.isInner is true
@@ -676 +676 @@
 PASS inner.menubar.isInner is true
 PASS inner.menubar.constructor.isInner is true
-FAIL inner.moveBy.isInner should be true. Was false.
-FAIL inner.moveBy.constructor.isInner should be true. Was false.
-FAIL inner.moveTo.isInner should be true. Was false.
-FAIL inner.moveTo.constructor.isInner should be true. Was false.
+PASS inner.moveBy.isInner is true
+PASS inner.moveBy.constructor.isInner is true
+PASS inner.moveTo.isInner is true
+PASS inner.moveTo.constructor.isInner is true
 FAIL inner.name.isInner should be true. Was false.
 FAIL inner.name.constructor.isInner should be true. Was false.
@@ -686 +686 @@
 FAIL inner.offscreenBuffering.isInner should be true. Was false.
 FAIL inner.offscreenBuffering.constructor.isInner should be true. Was false.
-FAIL inner.open.isInner should be true. Was false.
-FAIL inner.open.constructor.isInner should be true. Was false.
-FAIL inner.openDatabase.isInner should be true. Was false.
-FAIL inner.openDatabase.constructor.isInner should be true. Was false.
+PASS inner.open.isInner is true
+PASS inner.open.constructor.isInner is true
+PASS inner.openDatabase.isInner is true
+PASS inner.openDatabase.constructor.isInner is true
 FAIL inner.outerHeight.isInner should be true. Was false.
 FAIL inner.outerHeight.constructor.isInner should be true. Was false.
@@ -700 +700 @@
 PASS inner.personalbar.isInner is true
 PASS inner.personalbar.constructor.isInner is true
-FAIL inner.postMessage.isInner should be true. Was false.
-FAIL inner.postMessage.constructor.isInner should be true. Was false.
-FAIL inner.print.isInner should be true. Was false.
-FAIL inner.print.constructor.isInner should be true. Was false.
-FAIL inner.prompt.isInner should be true. Was false.
-FAIL inner.prompt.constructor.isInner should be true. Was false.
-FAIL inner.releaseEvents.isInner should be true. Was false.
-FAIL inner.releaseEvents.constructor.isInner should be true. Was false.
-FAIL inner.removeEventListener.isInner should be true. Was false.
-FAIL inner.removeEventListener.constructor.isInner should be true. Was false.
-FAIL inner.resizeBy.isInner should be true. Was false.
-FAIL inner.resizeBy.constructor.isInner should be true. Was false.
-FAIL inner.resizeTo.isInner should be true. Was false.
-FAIL inner.resizeTo.constructor.isInner should be true. Was false.
+PASS inner.postMessage.isInner is true
+PASS inner.postMessage.constructor.isInner is true
+PASS inner.print.isInner is true
+PASS inner.print.constructor.isInner is true
+PASS inner.prompt.isInner is true
+PASS inner.prompt.constructor.isInner is true
+PASS inner.releaseEvents.isInner is true
+PASS inner.releaseEvents.constructor.isInner is true
+PASS inner.removeEventListener.isInner is true
+PASS inner.removeEventListener.constructor.isInner is true
+PASS inner.resizeBy.isInner is true
+PASS inner.resizeBy.constructor.isInner is true
+PASS inner.resizeTo.isInner is true
+PASS inner.resizeTo.constructor.isInner is true
 PASS inner.screen.isInner is true
 PASS inner.screen.constructor.isInner is true
@@ -724 +724 @@
 FAIL inner.screenY.isInner should be true. Was false.
 FAIL inner.screenY.constructor.isInner should be true. Was false.
-FAIL inner.scroll.isInner should be true. Was false.
-FAIL inner.scroll.constructor.isInner should be true. Was false.
-FAIL inner.scrollBy.isInner should be true. Was false.
-FAIL inner.scrollBy.constructor.isInner should be true. Was false.
-FAIL inner.scrollTo.isInner should be true. Was false.
-FAIL inner.scrollTo.constructor.isInner should be true. Was false.
+PASS inner.scroll.isInner is true
+PASS inner.scroll.constructor.isInner is true
+PASS inner.scrollBy.isInner is true
+PASS inner.scrollBy.constructor.isInner is true
+PASS inner.scrollTo.isInner is true
+PASS inner.scrollTo.constructor.isInner is true
 FAIL inner.scrollX.isInner should be true. Was false.
 FAIL inner.scrollX.constructor.isInner should be true. Was false.
@@ -740 +740 @@
 PASS inner.sessionStorage.isInner is true
 PASS inner.sessionStorage.constructor.isInner is true
-FAIL inner.setInterval.isInner should be true. Was false.
-FAIL inner.setInterval.constructor.isInner should be true. Was false.
-FAIL inner.setTimeout.isInner should be true. Was false.
-FAIL inner.setTimeout.constructor.isInner should be true. Was false.
+PASS inner.setInterval.isInner is true
+PASS inner.setInterval.constructor.isInner is true
+PASS inner.setTimeout.isInner is true
+PASS inner.setTimeout.constructor.isInner is true
 FAIL inner.status.isInner should be true. Was false.
 FAIL inner.status.constructor.isInner should be true. Was false.
 PASS inner.statusbar.isInner is true
 PASS inner.statusbar.constructor.isInner is true
-FAIL inner.stop.isInner should be true. Was false.
-FAIL inner.stop.constructor.isInner should be true. Was false.
+PASS inner.stop.isInner is true
+PASS inner.stop.constructor.isInner is true
 PASS inner.styleMedia.isInner is true
 PASS inner.styleMedia.constructor.isInner is true
 PASS inner.toolbar.isInner is true
 PASS inner.toolbar.constructor.isInner is true
-FAIL inner.webkitConvertPointFromNodeToPage.isInner should be true. Was false.
-FAIL inner.webkitConvertPointFromNodeToPage.constructor.isInner should be true. Was false.
-FAIL inner.webkitConvertPointFromPageToNode.isInner should be true. Was false.
-FAIL inner.webkitConvertPointFromPageToNode.constructor.isInner should be true. Was false.
+PASS inner.webkitConvertPointFromNodeToPage.isInner is true
+PASS inner.webkitConvertPointFromNodeToPage.constructor.isInner is true
+PASS inner.webkitConvertPointFromPageToNode.isInner is true
+PASS inner.webkitConvertPointFromPageToNode.constructor.isInner is true
 PASS inner.window.isInner is true
 PASS inner.window.constructor.isInner is true

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-05-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        All callable objects should have a global object reference
+        https://bugs.webkit.org/show_bug.cgi?id=39495
+
+        Update the bindings generator to give prototype objects a
+        global object.  Update all the manually written JSObject
+        subclasses to pass a global object.
+
+        * ForwardingHeaders/runtime/JSObjectWithGlobalObject.h: Added.
+        * WebCore.PluginHostProcess.exp:
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::objectToStringFunctionGetter):
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::nonCachingStaticFunctionGetter):
+        * bindings/js/JSDOMWindowShell.cpp:
+        (WebCore::JSDOMWindowShell::setWindow):
+        * bindings/js/JSHistoryCustom.cpp:
+        (WebCore::nonCachingStaticBackFunctionGetter):
+        (WebCore::nonCachingStaticForwardFunctionGetter):
+        (WebCore::nonCachingStaticGoFunctionGetter):
+        * bindings/js/JSLocationCustom.cpp:
+        (WebCore::nonCachingStaticReplaceFunctionGetter):
+        (WebCore::nonCachingStaticReloadFunctionGetter):
+        (WebCore::nonCachingStaticAssignFunctionGetter):
+        * bindings/js/WorkerScriptController.cpp:
+        (WebCore::WorkerScriptController::initScript):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        * bridge/c/CRuntimeObject.cpp:
+        (JSC::Bindings::CRuntimeObject::CRuntimeObject):
+        * bridge/c/CRuntimeObject.h:
+        * bridge/c/c_instance.cpp:
+        (JSC::Bindings::CInstance::newRuntimeObject):
+        (JSC::Bindings::CRuntimeMethod::CRuntimeMethod):
+        (JSC::Bindings::CInstance::getMethod):
+        * bridge/jni/jsc/JavaInstanceJSC.cpp:
+        (JavaInstance::newRuntimeObject):
+        (JavaRuntimeMethod::JavaRuntimeMethod):
+        (JavaInstance::getMethod):
+        * bridge/jni/jsc/JavaRuntimeObject.cpp:
+        (JSC::Bindings::JavaRuntimeObject::JavaRuntimeObject):
+        * bridge/jni/jsc/JavaRuntimeObject.h:
+        * bridge/jsc/BridgeJSC.cpp:
+        (JSC::Bindings::Instance::newRuntimeObject):
+        * bridge/objc/ObjCRuntimeObject.h:
+        * bridge/objc/ObjCRuntimeObject.mm:
+        (JSC::Bindings::ObjCRuntimeObject::ObjCRuntimeObject):
+        * bridge/objc/objc_class.mm:
+        (JSC::Bindings::ObjcClass::fallbackObject):
+        * bridge/objc/objc_instance.mm:
+        (ObjcInstance::newRuntimeObject):
+        (ObjCRuntimeMethod::ObjCRuntimeMethod):
+        (ObjcInstance::getMethod):
+        * bridge/objc/objc_runtime.h:
+        * bridge/objc/objc_runtime.mm:
+        (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
+        * bridge/runtime_method.cpp:
+        (JSC::RuntimeMethod::RuntimeMethod):
+        * bridge/runtime_method.h:
+        * bridge/runtime_object.cpp:
+        (JSC::Bindings::RuntimeObject::RuntimeObject):
+        * bridge/runtime_object.h:
+
 2010-05-21  Steve Block  <steveblock@google.com>
 

trunk/WebCore/WebCore.PluginHostProcess.exp

@@ -5 +5 @@
 __ZN3JSC13RuntimeMethod24getOwnPropertyDescriptorEPNS_9ExecStateERKNS_10IdentifierERNS_18PropertyDescriptorE
 __ZN3JSC13RuntimeMethod6s_infoE
-__ZN3JSC13RuntimeMethodC1EPNS_9ExecStateERKNS_10IdentifierERN3WTF6VectorIPNS_8Bindings6MethodELm0EEE
-__ZN3JSC13RuntimeMethodC2EPNS_9ExecStateERKNS_10IdentifierERN3WTF6VectorIPNS_8Bindings6MethodELm0EEE
+__ZN3JSC13RuntimeMethodC2EPNS_9ExecStateEPNS_14JSGlobalObjectERKNS_10IdentifierERN3WTF6VectorIPNS_8Bindings6MethodELm0EEE
 __ZN3JSC8Bindings10RootObjectD1Ev
 __ZN3JSC8Bindings13RuntimeObject11getCallDataERNS_8CallDataE
@@ -16 +15 @@
 __ZN3JSC8Bindings13RuntimeObject3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
 __ZN3JSC8Bindings13RuntimeObject6s_infoE
-__ZN3JSC8Bindings13RuntimeObjectC2EPNS_9ExecStateEN3WTF10PassRefPtrINS0_8InstanceEEE
+__ZN3JSC8Bindings13RuntimeObjectC2EPNS_9ExecStateEPNS_14JSGlobalObjectEN3WTF10PassRefPtrINS0_8InstanceEEE
 __ZN3JSC8Bindings13RuntimeObjectD2Ev
 __ZN3JSC8Bindings8Instance19createRuntimeObjectEPNS_9ExecStateE

trunk/WebCore/bindings/js/JSDOMBinding.cpp

@@ -687 +687 @@
 JSValue objectToStringFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
 {
-    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), 0, propertyName, objectProtoFuncToString);
+    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->prototypeFunctionStructure(), 0, propertyName, objectProtoFuncToString);
 }
 

trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp

@@ -131 +131 @@
 JSValue nonCachingStaticFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
 {
-    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), length, propertyName, nativeFunction);
+    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->prototypeFunctionStructure(), length, propertyName, nativeFunction);
 }
 

trunk/WebCore/bindings/js/JSDOMWindowShell.cpp

@@ -62 +62 @@
     // constructed, it can mark its own prototype.)
     RefPtr<Structure> prototypeStructure = JSDOMWindowPrototype::createStructure(jsNull());
-    ProtectedPtr<JSDOMWindowPrototype> prototype = new JSDOMWindowPrototype(prototypeStructure.release());
+    ProtectedPtr<JSDOMWindowPrototype> prototype = new JSDOMWindowPrototype(0, prototypeStructure.release());
 
     RefPtr<Structure> structure = JSDOMWindow::createStructure(prototype);
     JSDOMWindow* jsDOMWindow = new (JSDOMWindow::commonJSGlobalData()) JSDOMWindow(structure.release(), domWindow, this);
+    prototype->putAnonymousValue(0, jsDOMWindow);
     setWindow(jsDOMWindow);
 }

trunk/WebCore/bindings/js/JSHistoryCustom.cpp

@@ -41 +41 @@
 static JSValue nonCachingStaticBackFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
 {
-    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), 0, propertyName, jsHistoryPrototypeFunctionBack);
+    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->prototypeFunctionStructure(), 0, propertyName, jsHistoryPrototypeFunctionBack);
 }
 
 static JSValue nonCachingStaticForwardFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
 {
-    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), 0, propertyName, jsHistoryPrototypeFunctionForward);
+    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->prototypeFunctionStructure(), 0, propertyName, jsHistoryPrototypeFunctionForward);
 }
 
 static JSValue nonCachingStaticGoFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
 {
-    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), 1, propertyName, jsHistoryPrototypeFunctionGo);
+    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->prototypeFunctionStructure(), 1, propertyName, jsHistoryPrototypeFunctionGo);
 }
 

trunk/WebCore/bindings/js/JSLocationCustom.cpp

@@ -42 +42 @@
 static JSValue nonCachingStaticReplaceFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
 {
-    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), 1, propertyName, jsLocationPrototypeFunctionReplace);
+    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->prototypeFunctionStructure(), 1, propertyName, jsLocationPrototypeFunctionReplace);
 }
 
 static JSValue nonCachingStaticReloadFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
 {
-    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), 0, propertyName, jsLocationPrototypeFunctionReload);
+    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->prototypeFunctionStructure(), 0, propertyName, jsLocationPrototypeFunctionReload);
 }
 
 static JSValue nonCachingStaticAssignFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
 {
-    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), 1, propertyName, jsLocationPrototypeFunctionAssign);
+    return new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->prototypeFunctionStructure(), 1, propertyName, jsLocationPrototypeFunctionAssign);
 }
 

trunk/WebCore/bindings/js/WorkerScriptController.cpp

@@ -72 +72 @@
     // constructed, it can mark its own prototype.)
     RefPtr<Structure> workerContextPrototypeStructure = JSWorkerContextPrototype::createStructure(jsNull());
-    ProtectedPtr<JSWorkerContextPrototype> workerContextPrototype = new (m_globalData.get()) JSWorkerContextPrototype(workerContextPrototypeStructure.release());
+    ProtectedPtr<JSWorkerContextPrototype> workerContextPrototype = new (m_globalData.get()) JSWorkerContextPrototype(0, workerContextPrototypeStructure.release());
 
     if (m_workerContext->isDedicatedWorkerContext()) {
         RefPtr<Structure> dedicatedContextPrototypeStructure = JSDedicatedWorkerContextPrototype::createStructure(workerContextPrototype);
-        ProtectedPtr<JSDedicatedWorkerContextPrototype> dedicatedContextPrototype = new (m_globalData.get()) JSDedicatedWorkerContextPrototype(dedicatedContextPrototypeStructure.release());
+        ProtectedPtr<JSDedicatedWorkerContextPrototype> dedicatedContextPrototype = new (m_globalData.get()) JSDedicatedWorkerContextPrototype(0, dedicatedContextPrototypeStructure.release());
         RefPtr<Structure> structure = JSDedicatedWorkerContext::createStructure(dedicatedContextPrototype);
 
         m_workerContextWrapper = new (m_globalData.get()) JSDedicatedWorkerContext(structure.release(), m_workerContext->toDedicatedWorkerContext());
+        workerContextPrototype->putAnonymousValue(0, m_workerContextWrapper);
+        dedicatedContextPrototype->putAnonymousValue(0, m_workerContextWrapper);
 #if ENABLE(SHARED_WORKERS)
     } else {
         ASSERT(m_workerContext->isSharedWorkerContext());
         RefPtr<Structure> sharedContextPrototypeStructure = JSSharedWorkerContextPrototype::createStructure(workerContextPrototype);
-        ProtectedPtr<JSSharedWorkerContextPrototype> sharedContextPrototype = new (m_globalData.get()) JSSharedWorkerContextPrototype(sharedContextPrototypeStructure.release());
+        ProtectedPtr<JSSharedWorkerContextPrototype> sharedContextPrototype = new (m_globalData.get()) JSSharedWorkerContextPrototype(0, sharedContextPrototypeStructure.release());
         RefPtr<Structure> structure = JSSharedWorkerContext::createStructure(sharedContextPrototype);
 
         m_workerContextWrapper = new (m_globalData.get()) JSSharedWorkerContext(structure.release(), m_workerContext->toSharedWorkerContext());
+        workerContextPrototype->putAnonymousValue(0, m_workerContextWrapper);
+        sharedContextPrototype->putAnonymousValue(0, m_workerContextWrapper);
 #endif
     }

trunk/WebCore/bindings/scripts/CodeGeneratorJS.pm

@@ -644 +644 @@
         $headerIncludes{"$implClassName.h"} = 1;
     }
+    
+    $headerIncludes{"<runtime/JSObjectWithGlobalObject.h>"} = 1;
 
     $headerIncludes{"SVGElement.h"} = 1 if $className =~ /^JSSVG/;
@@ -936 +938 @@
     # Add prototype declaration.
     %structureFlags = ();
-    push(@headerContent, "class ${className}Prototype : public JSC::JSObject {\n");
-    push(@headerContent, "    typedef JSC::JSObject Base;\n");
+    push(@headerContent, "class ${className}Prototype : public JSC::JSObjectWithGlobalObject {\n");
+    push(@headerContent, "    typedef JSC::JSObjectWithGlobalObject Base;\n");
     push(@headerContent, "public:\n");
     if ($interfaceName eq "DOMWindow") {
@@ -971 +973 @@
     push(@headerContent, "    virtual void defineGetter(JSC::ExecState*, const JSC::Identifier& propertyName, JSC::JSObject* getterFunction, unsigned attributes);\n") if $dataNode->extendedAttributes->{"CustomPrototypeDefineGetter"};
 
-    push(@headerContent, "    ${className}Prototype(NonNullPassRefPtr<JSC::Structure> structure) : JSC::JSObject(structure) { }\n");
+    push(@headerContent, "    ${className}Prototype(JSC::JSGlobalObject* globalObject, NonNullPassRefPtr<JSC::Structure> structure) : JSC::JSObjectWithGlobalObject(globalObject, structure) { }\n");
 
     # structure flags
@@ -1441 +1443 @@
         push(@implContent, "{\n");
         if ($hasParent && $parentClassName ne "JSC::DOMNodeFilter") {
-            push(@implContent, "    return new (exec) ${className}Prototype(${className}Prototype::createStructure(${parentClassName}Prototype::self(exec, globalObject)));\n");
+            push(@implContent, "    return new (exec) ${className}Prototype(globalObject, ${className}Prototype::createStructure(${parentClassName}Prototype::self(exec, globalObject)));\n");
         } else {
-            push(@implContent, "    return new (exec) ${className}Prototype(${className}Prototype::createStructure(globalObject->objectPrototype()));\n");
+            push(@implContent, "    return new (exec) ${className}Prototype(globalObject, ${className}Prototype::createStructure(globalObject->objectPrototype()));\n");
         }
         push(@implContent, "}\n\n");

trunk/WebCore/bridge/c/CRuntimeObject.cpp

@@ -36 +36 @@
 const ClassInfo CRuntimeObject::s_info = { "CRuntimeObject", &RuntimeObject::s_info, 0, 0 };
 
-CRuntimeObject::CRuntimeObject(ExecState* exec, PassRefPtr<CInstance> instance)
-    : RuntimeObject(exec, instance)
+CRuntimeObject::CRuntimeObject(ExecState* exec, JSGlobalObject* globalObject, PassRefPtr<CInstance> instance)
+    : RuntimeObject(exec, globalObject, instance)
 {
 }

trunk/WebCore/bridge/c/CRuntimeObject.h

@@ -38 +38 @@
 class CRuntimeObject : public RuntimeObject {
 public:
-    CRuntimeObject(ExecState*, PassRefPtr<CInstance>);
+    CRuntimeObject(ExecState*, JSGlobalObject*, PassRefPtr<CInstance>);
     virtual ~CRuntimeObject();
 

trunk/WebCore/bridge/c/c_instance.cpp

@@ -94 +94 @@
 RuntimeObject* CInstance::newRuntimeObject(ExecState* exec)
 {
-    return new (exec) CRuntimeObject(exec, this);
+    return new (exec) CRuntimeObject(exec, exec->lexicalGlobalObject(), this);
 }
 
@@ -111 +111 @@
 class CRuntimeMethod : public RuntimeMethod {
 public:
-    CRuntimeMethod(ExecState* exec, const Identifier& name, Bindings::MethodList& list)
-        : RuntimeMethod(exec, name, list)
+    CRuntimeMethod(ExecState* exec, JSGlobalObject* globalObject, const Identifier& name, Bindings::MethodList& list)
+        : RuntimeMethod(exec, globalObject, name, list)
     {
     }
@@ -126 +126 @@
 {
     MethodList methodList = getClass()->methodsNamed(propertyName, this);
-    return new (exec) CRuntimeMethod(exec, propertyName, methodList);
+    return new (exec) CRuntimeMethod(exec, exec->lexicalGlobalObject(), propertyName, methodList);
 }
 

trunk/WebCore/bridge/jni/jsc/JavaInstanceJSC.cpp

@@ -61 +61 @@
 RuntimeObject* JavaInstance::newRuntimeObject(ExecState* exec)
 {
-    return new (exec) JavaRuntimeObject(exec, this);
+    return new (exec) JavaRuntimeObject(exec, exec->lexicalGlobalObject(), this);
 }
 
@@ -114 +114 @@
 class JavaRuntimeMethod : public RuntimeMethod {
 public:
-    JavaRuntimeMethod(ExecState* exec, const Identifier& name, Bindings::MethodList& list)
-        : RuntimeMethod(exec, name, list)
+    JavaRuntimeMethod(ExecState* exec, JSGlobalObject* globalObject, const Identifier& name, Bindings::MethodList& list)
+        : RuntimeMethod(exec, globalObject, name, list)
     {
     }
@@ -129 +129 @@
 {
     MethodList methodList = getClass()->methodsNamed(propertyName, this);
-    return new (exec) JavaRuntimeMethod(exec, propertyName, methodList);
+    return new (exec) JavaRuntimeMethod(exec, exec->lexicalGlobalObject(), propertyName, methodList);
 }
 

trunk/WebCore/bridge/jni/jsc/JavaRuntimeObject.cpp

@@ -34 +34 @@
 const ClassInfo JavaRuntimeObject::s_info = { "JavaRuntimeObject", &RuntimeObject::s_info, 0, 0 };
 
-JavaRuntimeObject::JavaRuntimeObject(ExecState* exec, PassRefPtr<JavaInstance> instance)
-    : RuntimeObject(exec, instance)
+JavaRuntimeObject::JavaRuntimeObject(ExecState* exec, JSGlobalObject* globalObject, PassRefPtr<JavaInstance> instance)
+    : RuntimeObject(exec, globalObject, instance)
 {
 }

trunk/WebCore/bridge/jni/jsc/JavaRuntimeObject.h

@@ -36 +36 @@
 class JavaRuntimeObject : public RuntimeObject {
 public:
-    JavaRuntimeObject(ExecState*, PassRefPtr<JavaInstance>);
+    JavaRuntimeObject(ExecState*, JSGlobalObject*, PassRefPtr<JavaInstance>);
     virtual ~JavaRuntimeObject();
 

trunk/WebCore/bridge/jsc/BridgeJSC.cpp

@@ -99 +99 @@
 {
     JSLock lock(SilenceAssertionsOnly);
-    return new (exec)RuntimeObject(exec, this);
+    return new (exec)RuntimeObject(exec, exec->lexicalGlobalObject(), this);
 }
 

trunk/WebCore/bridge/objc/ObjCRuntimeObject.h

@@ -36 +36 @@
 class ObjCRuntimeObject : public RuntimeObject {
 public:
-    ObjCRuntimeObject(ExecState*, PassRefPtr<ObjcInstance>);
+    ObjCRuntimeObject(ExecState*, JSGlobalObject*, PassRefPtr<ObjcInstance>);
     virtual ~ObjCRuntimeObject();
 

trunk/WebCore/bridge/objc/ObjCRuntimeObject.mm

@@ -34 +34 @@
 const ClassInfo ObjCRuntimeObject::s_info = { "ObjCRuntimeObject", &RuntimeObject::s_info, 0, 0 };
 
-ObjCRuntimeObject::ObjCRuntimeObject(ExecState* exec, PassRefPtr<ObjcInstance> instance)
-    : RuntimeObject(exec, instance)
+ObjCRuntimeObject::ObjCRuntimeObject(ExecState* exec, JSGlobalObject* globalObject, PassRefPtr<ObjcInstance> instance)
+    : RuntimeObject(exec, globalObject, instance)
 {
 }

trunk/WebCore/bridge/objc/objc_class.mm

@@ -247 +247 @@
     if (![targetObject respondsToSelector:@selector(invokeUndefinedMethodFromWebScript:withArguments:)])
         return jsUndefined();
-    return new (exec) ObjcFallbackObjectImp(exec, objcInstance, propertyName);
-}
-
-}
-}
+    return new (exec) ObjcFallbackObjectImp(exec, exec->lexicalGlobalObject(), objcInstance, propertyName);
+}
+
+}
+}

trunk/WebCore/bridge/objc/objc_instance.mm

@@ -66 +66 @@
 RuntimeObject* ObjcInstance::newRuntimeObject(ExecState* exec)
 {
-    return new (exec) ObjCRuntimeObject(exec, this);
+    return new (exec) ObjCRuntimeObject(exec, exec->lexicalGlobalObject(), this);
 }
 
@@ -177 +177 @@
 class ObjCRuntimeMethod : public RuntimeMethod {
 public:
-    ObjCRuntimeMethod(ExecState* exec, const Identifier& name, Bindings::MethodList& list)
-        : RuntimeMethod(exec, name, list)
+    ObjCRuntimeMethod(ExecState* exec, JSGlobalObject* globalObject, const Identifier& name, Bindings::MethodList& list)
+        : RuntimeMethod(exec, globalObject, name, list)
     {
     }
@@ -192 +192 @@
 {
     MethodList methodList = getClass()->methodsNamed(propertyName, this);
-    return new (exec) ObjCRuntimeMethod(exec, propertyName, methodList);
+    return new (exec) ObjCRuntimeMethod(exec, exec->lexicalGlobalObject(), propertyName, methodList);
 }
 

trunk/WebCore/bridge/objc/objc_runtime.h

@@ -30 +30 @@
 #include "objc_header.h"
 #include <runtime/JSGlobalObject.h>
+#include <runtime/JSObjectWithGlobalObject.h>
 #include <wtf/RetainPtr.h>
 
@@ -90 +91 @@
 };
 
-class ObjcFallbackObjectImp : public JSObject {
+class ObjcFallbackObjectImp : public JSObjectWithGlobalObject {
 public:
-    ObjcFallbackObjectImp(ExecState*, ObjcInstance*, const Identifier& propertyName);
+    ObjcFallbackObjectImp(ExecState*, JSGlobalObject*, ObjcInstance*, const Identifier& propertyName);
 
     static const ClassInfo s_info;

trunk/WebCore/bridge/objc/objc_runtime.mm

@@ -190 +190 @@
 const ClassInfo ObjcFallbackObjectImp::s_info = { "ObjcFallbackObject", 0, 0, 0 };
 
-ObjcFallbackObjectImp::ObjcFallbackObjectImp(ExecState* exec, ObjcInstance* i, const Identifier& propertyName)
+ObjcFallbackObjectImp::ObjcFallbackObjectImp(ExecState* exec, JSGlobalObject* globalObject, ObjcInstance* i, const Identifier& propertyName)
     // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
-    : JSObject(deprecatedGetDOMStructure<ObjcFallbackObjectImp>(exec))
+    : JSObjectWithGlobalObject(globalObject, deprecatedGetDOMStructure<ObjcFallbackObjectImp>(exec))
     , _instance(i)
     , _item(propertyName)

trunk/WebCore/bridge/runtime_method.cpp

@@ -44 +44 @@
 const ClassInfo RuntimeMethod::s_info = { "RuntimeMethod", &InternalFunction::info, 0, 0 };
 
-RuntimeMethod::RuntimeMethod(ExecState* exec, const Identifier& ident, Bindings::MethodList& m)
+RuntimeMethod::RuntimeMethod(ExecState* exec, JSGlobalObject* globalObject, const Identifier& ident, Bindings::MethodList& m)
     // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
     // exec-globalData() is also likely wrong.
     // Callers will need to pass in the right global object corresponding to this native object "m".
-    : InternalFunction(&exec->globalData(), deprecatedGetDOMStructure<RuntimeMethod>(exec), ident)
+    : InternalFunction(&exec->globalData(), globalObject, deprecatedGetDOMStructure<RuntimeMethod>(exec), ident)
     , _methodList(new MethodList(m))
 {

trunk/WebCore/bridge/runtime_method.h

@@ -36 +36 @@
 class RuntimeMethod : public InternalFunction {
 public:
-    RuntimeMethod(ExecState*, const Identifier& name, Bindings::MethodList&);
+    RuntimeMethod(ExecState*, JSGlobalObject*, const Identifier& name, Bindings::MethodList&);
     Bindings::MethodList* methods() const { return _methodList.get(); }
 

trunk/WebCore/bridge/runtime_object.cpp

@@ -39 +39 @@
 const ClassInfo RuntimeObject::s_info = { "RuntimeObject", 0, 0, 0 };
 
-RuntimeObject::RuntimeObject(ExecState* exec, PassRefPtr<Instance> instance)
+RuntimeObject::RuntimeObject(ExecState* exec, JSGlobalObject* globalObject, PassRefPtr<Instance> instance)
     // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
     // We need to pass in the right global object for "i".
-    : JSObject(deprecatedGetDOMStructure<RuntimeObject>(exec))
+    : JSObjectWithGlobalObject(globalObject, deprecatedGetDOMStructure<RuntimeObject>(exec))
     , m_instance(instance)
 {
 }
 
-RuntimeObject::RuntimeObject(ExecState*, NonNullPassRefPtr<Structure> structure, PassRefPtr<Instance> instance)
-    : JSObject(structure)
+RuntimeObject::RuntimeObject(ExecState*, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, PassRefPtr<Instance> instance)
+    : JSObjectWithGlobalObject(globalObject, structure)
     , m_instance(instance)
 {

trunk/WebCore/bridge/runtime_object.h

@@ -29 +29 @@
 #include "Bridge.h"
 #include <runtime/JSGlobalObject.h>
+#include <runtime/JSObjectWithGlobalObject.h>
 
 namespace JSC {
 namespace Bindings {
 
-class RuntimeObject : public JSObject {
+class RuntimeObject : public JSObjectWithGlobalObject {
 public:
-    RuntimeObject(ExecState*, PassRefPtr<Instance>);
+    RuntimeObject(ExecState*, JSGlobalObject*, PassRefPtr<Instance>);
     virtual ~RuntimeObject();
 
@@ -68 +69 @@
 protected:
     static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesGetPropertyNames | JSObject::StructureFlags;
-    RuntimeObject(ExecState*, NonNullPassRefPtr<Structure>, PassRefPtr<Instance>);
+    RuntimeObject(ExecState*, JSGlobalObject*, NonNullPassRefPtr<Structure>, PassRefPtr<Instance>);
 
 private:

trunk/WebKit/mac/ChangeLog

@@ +1 @@
+2010-05-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        All callable objects should have a global object reference
+        https://bugs.webkit.org/show_bug.cgi?id=39495
+
+        Update the plugin proxy to handle the need for global object.
+
+        * Plugins/Hosted/ProxyInstance.mm:
+        (WebKit::ProxyInstance::newRuntimeObject):
+        (WebKit::ProxyRuntimeMethod::ProxyRuntimeMethod):
+        (WebKit::ProxyInstance::getMethod):
+        * Plugins/Hosted/ProxyRuntimeObject.h:
+        * Plugins/Hosted/ProxyRuntimeObject.mm:
+        (WebKit::ProxyRuntimeObject::ProxyRuntimeObject):
+
 2010-05-21  Steve Block  <steveblock@google.com>
 

trunk/WebKit/mac/Plugins/Hosted/ProxyInstance.mm

@@ -134 +134 @@
 RuntimeObject* ProxyInstance::newRuntimeObject(ExecState* exec)
 {
-    return new (exec) ProxyRuntimeObject(exec, this);
+    return new (exec) ProxyRuntimeObject(exec, exec->lexicalGlobalObject(), this);
 }
 
@@ -179 +179 @@
 class ProxyRuntimeMethod : public RuntimeMethod {
 public:
-    ProxyRuntimeMethod(ExecState* exec, const Identifier& name, Bindings::MethodList& list)
-        : RuntimeMethod(exec, name, list)
+    ProxyRuntimeMethod(ExecState* exec, JSGlobalObject* globalObject, const Identifier& name, Bindings::MethodList& list)
+        : RuntimeMethod(exec, globalObject, name, list)
     {
     }
@@ -194 +194 @@
 {
     MethodList methodList = getClass()->methodsNamed(propertyName, this);
-    return new (exec) ProxyRuntimeMethod(exec, propertyName, methodList);
+    return new (exec) ProxyRuntimeMethod(exec, exec->lexicalGlobalObject(), propertyName, methodList);
 }
 

trunk/WebKit/mac/Plugins/Hosted/ProxyRuntimeObject.h

@@ -37 +37 @@
 class ProxyRuntimeObject : public JSC::Bindings::RuntimeObject {
 public:
-    ProxyRuntimeObject(JSC::ExecState*, PassRefPtr<ProxyInstance>);
+    ProxyRuntimeObject(JSC::ExecState*, JSC::JSGlobalObject*, PassRefPtr<ProxyInstance>);
     virtual ~ProxyRuntimeObject();
 

trunk/WebKit/mac/Plugins/Hosted/ProxyRuntimeObject.mm

@@ -36 +36 @@
 const ClassInfo ProxyRuntimeObject::s_info = { "ProxyRuntimeObject", &RuntimeObject::s_info, 0, 0 };
 
-ProxyRuntimeObject::ProxyRuntimeObject(ExecState* exec, PassRefPtr<ProxyInstance> instance)
-    : RuntimeObject(exec, instance)
+ProxyRuntimeObject::ProxyRuntimeObject(ExecState* exec, JSGlobalObject* globalObject, PassRefPtr<ProxyInstance> instance)
+    : RuntimeObject(exec, globalObject, instance)
 {
 }