Changeset 77269 in webkit

Timestamp:

Feb 1, 2011 12:17:21 PM (13 years ago)

Author:

oliver@apple.com

Message:

2011-01-31 Oliver Hunt <​oliver@apple.com>

Reviewed by Geoffrey Garen.

Update JSObject storage for new marking API
​https://bugs.webkit.org/show_bug.cgi?id=53467

JSObject no longer uses EncodedJSValue for its property storage.
This produces a stream of mechanical changes to PropertySlot and
anonymous storage APIs.

• JavaScriptCore.exp:
• runtime/ArrayPrototype.cpp: (JSC::ArrayPrototype::ArrayPrototype):
• runtime/BooleanConstructor.cpp: (JSC::constructBoolean): (JSC::constructBooleanFromImmediateBoolean):
• runtime/BooleanObject.cpp: (JSC::BooleanObject::BooleanObject):
• runtime/BooleanObject.h:
• runtime/BooleanPrototype.cpp: (JSC::BooleanPrototype::BooleanPrototype):
• runtime/DateInstance.cpp: (JSC::DateInstance::DateInstance):
• runtime/DatePrototype.cpp: (JSC::DatePrototype::DatePrototype):
• runtime/JSActivation.cpp: (JSC::JSActivation::getOwnPropertySlot):
• runtime/JSArray.cpp: (JSC::JSArray::getOwnPropertySlot):
• runtime/JSFunction.cpp: (JSC::JSFunction::getOwnPropertySlot):
• runtime/JSGlobalObject.h: (JSC::JSGlobalObject::JSGlobalObject):
• runtime/JSObject.cpp: (JSC::JSObject::fillGetterPropertySlot):
• runtime/JSObject.h: (JSC::JSObject::getDirectLocation): (JSC::JSObject::offsetForLocation): (JSC::JSObject::putAnonymousValue): (JSC::JSObject::clearAnonymousValue): (JSC::JSObject::getAnonymousValue): (JSC::JSObject::putThisToAnonymousValue): (JSC::JSObject::locationForOffset): (JSC::JSObject::inlineGetOwnPropertySlot):
• runtime/JSObjectWithGlobalObject.cpp: (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
• runtime/JSWrapperObject.h: (JSC::JSWrapperObject::JSWrapperObject): (JSC::JSWrapperObject::setInternalValue):
• runtime/Lookup.cpp: (JSC::setUpStaticFunctionSlot):
• runtime/NumberConstructor.cpp: (JSC::constructWithNumberConstructor):
• runtime/NumberObject.cpp: (JSC::NumberObject::NumberObject): (JSC::constructNumber):
• runtime/NumberObject.h:
• runtime/NumberPrototype.cpp: (JSC::NumberPrototype::NumberPrototype):
• runtime/PropertySlot.h: (JSC::PropertySlot::getValue): (JSC::PropertySlot::setValue): (JSC::PropertySlot::setRegisterSlot):
• runtime/StringObject.cpp: (JSC::StringObject::StringObject):
• runtime/StringPrototype.cpp: (JSC::StringPrototype::StringPrototype):
• runtime/WriteBarrier.h: (JSC::WriteBarrierBase::setWithoutWriteBarrier):

2011-01-31 Oliver Hunt <​oliver@apple.com>

Reviewed by Geoffrey Garen.

Update JSObject storage for new marking API
​https://bugs.webkit.org/show_bug.cgi?id=53467

Update WebCore to handle new anonymous slot behaviour.

• bindings/js/JSDOMWindowShell.cpp: (WebCore::JSDOMWindowShell::setWindow):
• bindings/js/WorkerScriptController.cpp: (WebCore::WorkerScriptController::initScript):
• bindings/scripts/CodeGeneratorJS.pm:

Location:

trunk/Source

Files:

• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.exp (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def (modified) (1 diff)
• JavaScriptCore/runtime/ArrayPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/BooleanConstructor.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/BooleanObject.cpp (modified) (1 diff)
• JavaScriptCore/runtime/BooleanObject.h (modified) (1 diff)
• JavaScriptCore/runtime/BooleanPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/DateInstance.cpp (modified) (3 diffs)
• JavaScriptCore/runtime/DatePrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSActivation.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSArray.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/JSFunction.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/JSGlobalObject.h (modified) (3 diffs)
• JavaScriptCore/runtime/JSObject.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSObject.h (modified) (7 diffs)
• JavaScriptCore/runtime/JSObjectWithGlobalObject.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSWrapperObject.h (modified) (3 diffs)
• JavaScriptCore/runtime/Lookup.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/NumberConstructor.cpp (modified) (1 diff)
• JavaScriptCore/runtime/NumberObject.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/NumberObject.h (modified) (1 diff)
• JavaScriptCore/runtime/NumberPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/PropertySlot.h (modified) (7 diffs)
• JavaScriptCore/runtime/StringObject.cpp (modified) (3 diffs)
• JavaScriptCore/runtime/StringPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/WriteBarrier.h (modified) (2 diffs)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/bindings/js/JSDOMWindowShell.cpp (modified) (1 diff)
• WebCore/bindings/js/WorkerScriptController.cpp (modified) (2 diffs)
• WebCore/bindings/scripts/CodeGeneratorJS.pm (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-01-31  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Update JSObject storage for new marking API
+        https://bugs.webkit.org/show_bug.cgi?id=53467
+
+        JSObject no longer uses EncodedJSValue for its property storage.
+        This produces a stream of mechanical changes to PropertySlot and
+        anonymous storage APIs.
+
+        * JavaScriptCore.exp:
+        * runtime/ArrayPrototype.cpp:
+        (JSC::ArrayPrototype::ArrayPrototype):
+        * runtime/BooleanConstructor.cpp:
+        (JSC::constructBoolean):
+        (JSC::constructBooleanFromImmediateBoolean):
+        * runtime/BooleanObject.cpp:
+        (JSC::BooleanObject::BooleanObject):
+        * runtime/BooleanObject.h:
+        * runtime/BooleanPrototype.cpp:
+        (JSC::BooleanPrototype::BooleanPrototype):
+        * runtime/DateInstance.cpp:
+        (JSC::DateInstance::DateInstance):
+        * runtime/DatePrototype.cpp:
+        (JSC::DatePrototype::DatePrototype):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::getOwnPropertySlot):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::getOwnPropertySlot):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::getOwnPropertySlot):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObject):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::fillGetterPropertySlot):
+        * runtime/JSObject.h:
+        (JSC::JSObject::getDirectLocation):
+        (JSC::JSObject::offsetForLocation):
+        (JSC::JSObject::putAnonymousValue):
+        (JSC::JSObject::clearAnonymousValue):
+        (JSC::JSObject::getAnonymousValue):
+        (JSC::JSObject::putThisToAnonymousValue):
+        (JSC::JSObject::locationForOffset):
+        (JSC::JSObject::inlineGetOwnPropertySlot):
+        * runtime/JSObjectWithGlobalObject.cpp:
+        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+        * runtime/JSWrapperObject.h:
+        (JSC::JSWrapperObject::JSWrapperObject):
+        (JSC::JSWrapperObject::setInternalValue):
+        * runtime/Lookup.cpp:
+        (JSC::setUpStaticFunctionSlot):
+        * runtime/NumberConstructor.cpp:
+        (JSC::constructWithNumberConstructor):
+        * runtime/NumberObject.cpp:
+        (JSC::NumberObject::NumberObject):
+        (JSC::constructNumber):
+        * runtime/NumberObject.h:
+        * runtime/NumberPrototype.cpp:
+        (JSC::NumberPrototype::NumberPrototype):
+        * runtime/PropertySlot.h:
+        (JSC::PropertySlot::getValue):
+        (JSC::PropertySlot::setValue):
+        (JSC::PropertySlot::setRegisterSlot):
+        * runtime/StringObject.cpp:
+        (JSC::StringObject::StringObject):
+        * runtime/StringPrototype.cpp:
+        (JSC::StringPrototype::StringPrototype):
+        * runtime/WriteBarrier.h:
+        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+
 2011-02-01  Daniel Bates  <dbates@rim.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.exp

@@ -296 +296 @@
 __ZN3JSC8JSObject19getOwnPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayENS_15EnumerationModeE
 __ZN3JSC8JSObject21getPropertyDescriptorEPNS_9ExecStateERKNS_10IdentifierERNS_18PropertyDescriptorE
-__ZN3JSC8JSObject22fillGetterPropertySlotERNS_12PropertySlotEPNS_7JSValueE  
+__ZN3JSC8JSObject22fillGetterPropertySlotERNS_12PropertySlotEPNS_16WriteBarrierBaseINS_7UnknownEEE
 __ZN3JSC8JSObject23allocatePropertyStorageEmm
 __ZN3JSC8JSObject24getOwnPropertyDescriptorEPNS_9ExecStateERKNS_10IdentifierERNS_18PropertyDescriptorE

trunk/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def

@@ -157 +157 @@
     ?fastStrDup@WTF@@YAPADPBD@Z
     ?fastZeroedMalloc@WTF@@YAPAXI@Z
-    ?fillGetterPropertySlot@JSObject@JSC@@QAEXAAVPropertySlot@2@PAVJSValue@2@@Z
+    ?fillGetterPropertySlot@JSObject@JSC@@QAEXAAVPropertySlot@2@PAV?$WriteBarrierBase@W4Unknown@JSC@@@2@@Z
     ?focus@Profile@JSC@@QAEXPBVProfileNode@2@@Z
     ?free@WeakGCHandlePool@JSC@@QAEXPAVWeakGCHandle@2@@Z

trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp

@@ -118 +118 @@
     : JSArray(structure)
 {
-    putAnonymousValue(0, globalObject);
+    putAnonymousValue(globalObject->globalData(), 0, globalObject);
 }
 

trunk/Source/JavaScriptCore/runtime/BooleanConstructor.cpp

@@ -41 +41 @@
 JSObject* constructBoolean(ExecState* exec, const ArgList& args)
 {
-    BooleanObject* obj = new (exec) BooleanObject(exec->lexicalGlobalObject()->booleanObjectStructure());
+    BooleanObject* obj = new (exec) BooleanObject(exec->globalData(), exec->lexicalGlobalObject()->booleanObjectStructure());
     obj->setInternalValue(exec->globalData(), jsBoolean(args.at(0).toBoolean(exec)));
     return obj;
@@ -72 +72 @@
 JSObject* constructBooleanFromImmediateBoolean(ExecState* exec, JSValue immediateBooleanValue)
 {
-    BooleanObject* obj = new (exec) BooleanObject(exec->lexicalGlobalObject()->booleanObjectStructure());
+    BooleanObject* obj = new (exec) BooleanObject(exec->globalData(), exec->lexicalGlobalObject()->booleanObjectStructure());
     obj->setInternalValue(exec->globalData(), immediateBooleanValue);
     return obj;

trunk/Source/JavaScriptCore/runtime/BooleanObject.cpp

@@ -28 +28 @@
 const ClassInfo BooleanObject::info = { "Boolean", 0, 0, 0 };
 
-BooleanObject::BooleanObject(NonNullPassRefPtr<Structure> structure)
-    : JSWrapperObject(structure)
+BooleanObject::BooleanObject(JSGlobalData& globalData, NonNullPassRefPtr<Structure> structure)
+    : JSWrapperObject(globalData, structure)
 {
 }

trunk/Source/JavaScriptCore/runtime/BooleanObject.h

@@ -28 +28 @@
     class BooleanObject : public JSWrapperObject {
     public:
-        explicit BooleanObject(NonNullPassRefPtr<Structure>);
+        explicit BooleanObject(JSGlobalData& globalData, NonNullPassRefPtr<Structure>);
 
         virtual const ClassInfo* classInfo() const { return &info; }

trunk/Source/JavaScriptCore/runtime/BooleanPrototype.cpp

@@ -40 +40 @@
 
 BooleanPrototype::BooleanPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
-    : BooleanObject(structure)
+    : BooleanObject(exec->globalData(), structure)
 {
     setInternalValue(exec->globalData(), jsBoolean(false));

trunk/Source/JavaScriptCore/runtime/DateInstance.cpp

@@ -36 +36 @@
 
 DateInstance::DateInstance(ExecState* exec, NonNullPassRefPtr<Structure> structure)
-    : JSWrapperObject(structure)
+    : JSWrapperObject(exec->globalData(), structure)
 {
     setInternalValue(exec->globalData(), jsNaN());
@@ -42 +42 @@
 
 DateInstance::DateInstance(ExecState* exec, NonNullPassRefPtr<Structure> structure, double time)
-    : JSWrapperObject(structure)
+    : JSWrapperObject(exec->globalData(), structure)
 {
     setInternalValue(exec->globalData(), jsNumber(timeClip(time)));
@@ -48 +48 @@
 
 DateInstance::DateInstance(ExecState* exec, double time)
-    : JSWrapperObject(exec->lexicalGlobalObject()->dateStructure())
+    : JSWrapperObject(exec->globalData(), exec->lexicalGlobalObject()->dateStructure())
 {
     setInternalValue(exec->globalData(), jsNumber(timeClip(time)));

trunk/Source/JavaScriptCore/runtime/DatePrototype.cpp

@@ -434 +434 @@
 {
     // The constructor will be added later, after DateConstructor has been built.
-    putAnonymousValue(0, globalObject);
+    putAnonymousValue(exec->globalData(), 0, globalObject);
 }
 

trunk/Source/JavaScriptCore/runtime/JSActivation.cpp

@@ -133 +133 @@
         return true;
 
-    if (JSValue* location = getDirectLocation(propertyName)) {
-        slot.setValueSlot(location);
+    if (WriteBarrierBase<Unknown>* location = getDirectLocation(propertyName)) {
+        slot.setValue(location->get());
         return true;
     }

trunk/Source/JavaScriptCore/runtime/JSArray.cpp

@@ -258 +258 @@
 
     if (i < m_vectorLength) {
-        WriteBarrier<Unknown>& valueSlot = storage->m_vector[i];
-        if (valueSlot) {
-            slot.setValueSlot(valueSlot.slot());
+        JSValue value = storage->m_vector[i].get();
+        if (value) {
+            slot.setValue(value);
             return true;
         }
@@ -267 +267 @@
             SparseArrayValueMap::iterator it = map->find(i);
             if (it != map->end()) {
-                slot.setValueSlot(it->second.slot());
+                slot.setValue(it->second.get());
                 return true;
             }

trunk/Source/JavaScriptCore/runtime/JSFunction.cpp

@@ -204 +204 @@
 
     if (propertyName == exec->propertyNames().prototype) {
-        JSValue* location = getDirectLocation(propertyName);
+        WriteBarrierBase<Unknown>* location = getDirectLocation(propertyName);
 
         if (!location) {
@@ -213 +213 @@
         }
 
-        slot.setValueSlot(this, location, offsetForLocation(location));
+        slot.setValue(this, location->get(), offsetForLocation(location));
     }
 

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -148 +148 @@
         {
             COMPILE_ASSERT(JSGlobalObject::AnonymousSlotCount == 1, JSGlobalObject_has_only_a_single_slot);
-            putAnonymousValue(0, this);
+            putThisToAnonymousValue(0);
             init(this);
         }
@@ -156 +156 @@
         {
             COMPILE_ASSERT(JSGlobalObject::AnonymousSlotCount == 1, JSGlobalObject_has_only_a_single_slot);
-            putAnonymousValue(0, this);
+            putThisToAnonymousValue(0);
             init(this);
         }
@@ -165 +165 @@
         {
             COMPILE_ASSERT(JSGlobalObject::AnonymousSlotCount == 1, JSGlobalObject_has_only_a_single_slot);
-            putAnonymousValue(0, this);
+            putThisToAnonymousValue(0);
             init(thisValue);
         }

trunk/Source/JavaScriptCore/runtime/JSObject.cpp

@@ -543 +543 @@
 }
 
-NEVER_INLINE void JSObject::fillGetterPropertySlot(PropertySlot& slot, JSValue* location)
-{
-    if (JSObject* getterFunction = asGetterSetter(*location)->getter()) {
+NEVER_INLINE void JSObject::fillGetterPropertySlot(PropertySlot& slot, WriteBarrierBase<Unknown>* location)
+{
+    if (JSObject* getterFunction = asGetterSetter(location->get())->getter()) {
         if (!structure()->isDictionary())
             slot.setCacheableGetterSlot(this, getterFunction, offsetForLocation(location));

trunk/Source/JavaScriptCore/runtime/JSObject.h

@@ -156 +156 @@
         }
 
-        JSValue* getDirectLocation(const Identifier& propertyName)
+        WriteBarrierBase<Unknown>* getDirectLocation(const Identifier& propertyName)
         {
             size_t offset = m_structure->get(propertyName);
@@ -162 +162 @@
         }
 
-        JSValue* getDirectLocation(const Identifier& propertyName, unsigned& attributes)
+        WriteBarrierBase<Unknown>* getDirectLocation(const Identifier& propertyName, unsigned& attributes)
         {
             JSCell* specificFunction;
@@ -169 +169 @@
         }
 
-        size_t offsetForLocation(JSValue* location) const
-        {
-            return location - reinterpret_cast<const JSValue*>(propertyStorage());
+        size_t offsetForLocation(WriteBarrierBase<Unknown>* location) const
+        {
+            return location - propertyStorage();
         }
 
@@ -199 +199 @@
         void putUndefinedAtDirectOffset(size_t offset) { propertyStorage()[offset].setUndefined(); }
 
-        void fillGetterPropertySlot(PropertySlot&, JSValue* location);
+        void fillGetterPropertySlot(PropertySlot&, WriteBarrierBase<Unknown>* location);
 
         virtual void defineGetter(ExecState*, const Identifier& propertyName, JSObject* getterFunction, unsigned attributes = 0);
@@ -232 +232 @@
         }
 
-        void putAnonymousValue(unsigned index, JSValue value)
+        void putAnonymousValue(JSGlobalData& globalData, unsigned index, JSValue value)
         {
             ASSERT(index < m_structure->anonymousSlotCount());
-            *locationForOffset(index) = value;
+            locationForOffset(index)->set(globalData, this, value);
+        }
+        void clearAnonymousValue(unsigned index)
+        {
+            ASSERT(index < m_structure->anonymousSlotCount());
+            locationForOffset(index)->clear();
         }
         JSValue getAnonymousValue(unsigned index) const
         {
             ASSERT(index < m_structure->anonymousSlotCount());
-            return *locationForOffset(index);
+            return locationForOffset(index)->get();
         }
         
     protected:
         static const unsigned StructureFlags = 0;
+        
+        void putThisToAnonymousValue(unsigned index)
+        {
+            locationForOffset(index)->setWithoutWriteBarrier(this);
+        }
         
     private:
@@ -255 +265 @@
         void isObject();
         void isString();
-
+        
         ConstPropertyStorage propertyStorage() const { return (isUsingInlineStorage() ? m_inlineStorage : m_externalStorage); }
         PropertyStorage propertyStorage() { return (isUsingInlineStorage() ? m_inlineStorage : m_externalStorage); }
 
-        const JSValue* locationForOffset(size_t offset) const
-        {
-            return reinterpret_cast<const JSValue*>(&propertyStorage()[offset]);
-        }
-
-        JSValue* locationForOffset(size_t offset)
-        {
-            return reinterpret_cast<JSValue*>(&propertyStorage()[offset]);
+        const WriteBarrierBase<Unknown>* locationForOffset(size_t offset) const
+        {
+            return &propertyStorage()[offset];
+        }
+
+        WriteBarrierBase<Unknown>* locationForOffset(size_t offset)
+        {
+            return &propertyStorage()[offset];
         }
 
@@ -374 +384 @@
 ALWAYS_INLINE bool JSObject::inlineGetOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
 {
-    if (JSValue* location = getDirectLocation(propertyName)) {
-        if (m_structure->hasGetterSetterProperties() && location[0].isGetterSetter())
+    if (WriteBarrierBase<Unknown>* location = getDirectLocation(propertyName)) {
+        if (m_structure->hasGetterSetterProperties() && location->isGetterSetter())
             fillGetterPropertySlot(slot, location);
         else
-            slot.setValueSlot(this, location, offsetForLocation(location));
+            slot.setValue(this, location->get(), offsetForLocation(location));
         return true;
     }

trunk/Source/JavaScriptCore/runtime/JSObjectWithGlobalObject.cpp

@@ -36 +36 @@
     COMPILE_ASSERT(AnonymousSlotCount == 1, AnonymousSlotCount_must_be_one);
     ASSERT(!globalObject || globalObject->isGlobalObject());
-    putAnonymousValue(GlobalObjectSlot, globalObject);
+    if (!globalObject)
+        clearAnonymousValue(GlobalObjectSlot);
+    else
+        putAnonymousValue(globalObject->globalData(), GlobalObjectSlot, globalObject);
 }
 

trunk/Source/JavaScriptCore/runtime/JSWrapperObject.h

@@ -31 +31 @@
     class JSWrapperObject : public JSObject {
     protected:
-        explicit JSWrapperObject(NonNullPassRefPtr<Structure>);
+        explicit JSWrapperObject(JSGlobalData&, NonNullPassRefPtr<Structure>);
 
     public:
@@ -51 +51 @@
     };
 
-    inline JSWrapperObject::JSWrapperObject(NonNullPassRefPtr<Structure> structure)
+    inline JSWrapperObject::JSWrapperObject(JSGlobalData& globalData, NonNullPassRefPtr<Structure> structure)
         : JSObject(structure)
     {
-        putAnonymousValue(0, jsNull());
+        putAnonymousValue(globalData, 0, jsNull());
     }
 
@@ -62 +62 @@
         ASSERT(!value.isObject());
         m_internalValue.set(globalData, this, value);
-        putAnonymousValue(0, value);
+        putAnonymousValue(globalData, 0, value);
     }
 

trunk/Source/JavaScriptCore/runtime/Lookup.cpp

@@ -75 +75 @@
     ASSERT(thisObj->getAnonymousValue(0).isCell() && asObject(thisObj->getAnonymousValue(0).asCell())->isGlobalObject());
     ASSERT(entry->attributes() & Function);
-    JSValue* location = thisObj->getDirectLocation(propertyName);
+    WriteBarrierBase<Unknown>* location = thisObj->getDirectLocation(propertyName);
 
     if (!location) {
@@ -91 +91 @@
     }
 
-    slot.setValueSlot(thisObj, location, thisObj->offsetForLocation(location));
+    slot.setValue(thisObj, location->get(), thisObj->offsetForLocation(location));
 }
 

trunk/Source/JavaScriptCore/runtime/NumberConstructor.cpp

@@ -103 +103 @@
 static EncodedJSValue JSC_HOST_CALL constructWithNumberConstructor(ExecState* exec)
 {
-    NumberObject* object = new (exec) NumberObject(exec->lexicalGlobalObject()->numberObjectStructure());
+    NumberObject* object = new (exec) NumberObject(exec->globalData(), exec->lexicalGlobalObject()->numberObjectStructure());
     double n = exec->argumentCount() ? exec->argument(0).toNumber(exec) : 0;
     object->setInternalValue(exec->globalData(), jsNumber(n));

trunk/Source/JavaScriptCore/runtime/NumberObject.cpp

@@ -32 +32 @@
 const ClassInfo NumberObject::info = { "Number", 0, 0, 0 };
 
-NumberObject::NumberObject(NonNullPassRefPtr<Structure> structure)
-    : JSWrapperObject(structure)
+NumberObject::NumberObject(JSGlobalData& globalData, NonNullPassRefPtr<Structure> structure)
+    : JSWrapperObject(globalData, structure)
 {
 }
@@ -44 +44 @@
 NumberObject* constructNumber(ExecState* exec, JSValue number)
 {
-    NumberObject* object = new (exec) NumberObject(exec->lexicalGlobalObject()->numberObjectStructure());
+    NumberObject* object = new (exec) NumberObject(exec->globalData(), exec->lexicalGlobalObject()->numberObjectStructure());
     object->setInternalValue(exec->globalData(), number);
     return object;

trunk/Source/JavaScriptCore/runtime/NumberObject.h

@@ -28 +28 @@
     class NumberObject : public JSWrapperObject {
     public:
-        explicit NumberObject(NonNullPassRefPtr<Structure>);
+        explicit NumberObject(JSGlobalData&, NonNullPassRefPtr<Structure>);
 
         static const ClassInfo info;

trunk/Source/JavaScriptCore/runtime/NumberPrototype.cpp

@@ -48 +48 @@
 
 NumberPrototype::NumberPrototype(ExecState* exec, JSGlobalObject* globalObject, NonNullPassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
-    : NumberObject(structure)
+    : NumberObject(exec->globalData(), structure)
 {
     setInternalValue(exec->globalData(), jsNumber(0));

trunk/Source/JavaScriptCore/runtime/PropertySlot.h

@@ -33 +33 @@
     class JSObject;
 
-#define JSC_VALUE_SLOT_MARKER 0
-#define JSC_REGISTER_SLOT_MARKER reinterpret_cast<GetValueFunc>(1)
+#define JSC_VALUE_MARKER 0
 #define INDEX_GETTER_MARKER reinterpret_cast<GetValueFunc>(2)
 #define GETTER_FUNCTION_MARKER reinterpret_cast<GetValueFunc>(3)
@@ -68 +67 @@
         JSValue getValue(ExecState* exec, const Identifier& propertyName) const
         {
-            if (m_getValue == JSC_VALUE_SLOT_MARKER)
-                return *m_data.valueSlot;
-            if (m_getValue == JSC_REGISTER_SLOT_MARKER)
-                return (*m_data.registerSlot).jsValue();
+            if (m_getValue == JSC_VALUE_MARKER)
+                return m_value;
             if (m_getValue == INDEX_GETTER_MARKER)
                 return m_getIndexValue(exec, slotBase(), index());
@@ -81 +78 @@
         JSValue getValue(ExecState* exec, unsigned propertyName) const
         {
-            if (m_getValue == JSC_VALUE_SLOT_MARKER)
-                return *m_data.valueSlot;
-            if (m_getValue == JSC_REGISTER_SLOT_MARKER)
-                return (*m_data.registerSlot).jsValue();
+            if (m_getValue == JSC_VALUE_MARKER)
+                return m_value;
             if (m_getValue == INDEX_GETTER_MARKER)
                 return m_getIndexValue(exec, m_slotBase, m_data.index);
@@ -101 +96 @@
         }
 
-        void setValueSlot(JSValue* valueSlot) 
-        {
-            ASSERT(valueSlot);
-            clearBase();
-            clearOffset();
-            m_getValue = JSC_VALUE_SLOT_MARKER;
-            m_data.valueSlot = valueSlot;
+        void setValue(JSValue slotBase, JSValue value)
+        {
+            ASSERT(value);
+            clearOffset();
+            m_getValue = JSC_VALUE_MARKER;
+            m_slotBase = slotBase;
+            m_value = value;
         }
         
-        void setValueSlot(JSValue slotBase, JSValue* valueSlot)
-        {
-            ASSERT(valueSlot);
-            m_getValue = JSC_VALUE_SLOT_MARKER;
-            m_slotBase = slotBase;
-            m_data.valueSlot = valueSlot;
-        }
-        
-        void setValueSlot(JSValue slotBase, JSValue* valueSlot, size_t offset)
-        {
-            ASSERT(valueSlot);
-            m_getValue = JSC_VALUE_SLOT_MARKER;
-            m_slotBase = slotBase;
-            m_data.valueSlot = valueSlot;
+        void setValue(JSValue slotBase, JSValue value, size_t offset)
+        {
+            ASSERT(value);
+            m_getValue = JSC_VALUE_MARKER;
+            m_slotBase = slotBase;
+            m_value = value;
             m_offset = offset;
             m_cachedPropertyType = Value;
         }
-        
+
         void setValue(JSValue value)
         {
@@ -133 +120 @@
             clearBase();
             clearOffset();
-            m_getValue = JSC_VALUE_SLOT_MARKER;
+            m_getValue = JSC_VALUE_MARKER;
             m_value = value;
-            m_data.valueSlot = &m_value;
         }
 
@@ -143 +129 @@
             clearBase();
             clearOffset();
-            m_getValue = JSC_REGISTER_SLOT_MARKER;
-            m_data.registerSlot = registerSlot;
+            m_getValue = JSC_VALUE_MARKER;
+            m_value = registerSlot->jsValue();
         }
 
@@ -252 +238 @@
         union {
             JSObject* getterFunc;
-            JSValue* valueSlot;
-            Register* registerSlot;
             unsigned index;
         } m_data;

trunk/Source/JavaScriptCore/runtime/StringObject.cpp

@@ -31 +31 @@
 
 StringObject::StringObject(ExecState* exec, NonNullPassRefPtr<Structure> structure)
-    : JSWrapperObject(structure)
+    : JSWrapperObject(exec->globalData(), structure)
 {
     setInternalValue(exec->globalData(), jsEmptyString(exec));
@@ -37 +37 @@
 
 StringObject::StringObject(JSGlobalData& globalData, NonNullPassRefPtr<Structure> structure, JSString* string)
-    : JSWrapperObject(structure)
+    : JSWrapperObject(globalData, structure)
 {
     setInternalValue(globalData, string);
@@ -43 +43 @@
 
 StringObject::StringObject(ExecState* exec, NonNullPassRefPtr<Structure> structure, const UString& string)
-    : JSWrapperObject(structure)
+    : JSWrapperObject(exec->globalData(), structure)
 {
     setInternalValue(exec->globalData(), jsString(exec, string));

trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp

@@ -135 +135 @@
     : StringObject(exec, structure)
 {
-    putAnonymousValue(0, globalObject);
+    putAnonymousValue(exec->globalData(), 0, globalObject);
     // The constructor will be added later, after StringConstructor has been built
     putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(0), DontDelete | ReadOnly | DontEnum);

trunk/Source/JavaScriptCore/runtime/WriteBarrier.h

@@ -98 +98 @@
     bool operator!() const { return !m_cell; }
 
+    void setWithoutWriteBarrier(T* value) { this->m_cell = reinterpret_cast<JSCell*>(value); }
+
 protected:
     JSCell* m_cell;
@@ -120 +122 @@
     void setUndefined() { m_value = JSValue::encode(jsUndefined()); }
     bool isNumber() const { return get().isNumber(); }
+    bool isGetterSetter() const { return get().isGetterSetter(); }
+    
     JSValue* slot()
     { 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-01-31  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Update JSObject storage for new marking API
+        https://bugs.webkit.org/show_bug.cgi?id=53467
+
+        Update WebCore to handle new anonymous slot behaviour.
+
+        * bindings/js/JSDOMWindowShell.cpp:
+        (WebCore::JSDOMWindowShell::setWindow):
+        * bindings/js/WorkerScriptController.cpp:
+        (WebCore::WorkerScriptController::initScript):
+        * bindings/scripts/CodeGeneratorJS.pm:
+
 2011-02-01  Xiaomei Ji  <xji@chromium.org>
 

trunk/Source/WebCore/bindings/js/JSDOMWindowShell.cpp

@@ -65 +65 @@
     RefPtr<Structure> structure = JSDOMWindow::createStructure(prototype);
     JSDOMWindow* jsDOMWindow = new (JSDOMWindow::commonJSGlobalData()) JSDOMWindow(structure.release(), domWindow, this);
-    prototype->putAnonymousValue(0, jsDOMWindow);
+    prototype->putAnonymousValue(*JSDOMWindow::commonJSGlobalData(), 0, jsDOMWindow);
     setWindow(*JSDOMWindow::commonJSGlobalData(), jsDOMWindow);
 }

trunk/Source/WebCore/bindings/js/WorkerScriptController.cpp

@@ -81 +81 @@
 
         m_workerContextWrapper = new (m_globalData.get()) JSDedicatedWorkerContext(structure.release(), m_workerContext->toDedicatedWorkerContext());
-        workerContextPrototype->putAnonymousValue(0, m_workerContextWrapper);
-        dedicatedContextPrototype->putAnonymousValue(0, m_workerContextWrapper);
+        workerContextPrototype->putAnonymousValue(*m_globalData, 0, m_workerContextWrapper);
+        dedicatedContextPrototype->putAnonymousValue(*m_globalData, 0, m_workerContextWrapper);
 #if ENABLE(SHARED_WORKERS)
     } else {
@@ -91 +91 @@
 
         m_workerContextWrapper = new (m_globalData.get()) JSSharedWorkerContext(structure.release(), m_workerContext->toSharedWorkerContext());
-        workerContextPrototype->putAnonymousValue(0, m_workerContextWrapper);
-        sharedContextPrototype->putAnonymousValue(0, m_workerContextWrapper);
+        workerContextPrototype->putAnonymousValue(*m_globalData, 0, m_workerContextWrapper);
+        sharedContextPrototype->putAnonymousValue(*m_globalData, 0, m_workerContextWrapper);
 #endif
     }

trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm

@@ -1435 +1435 @@
     if ($numCachedAttributes > 0) {
         push(@implContent, "    for (unsigned i = Base::AnonymousSlotCount; i < AnonymousSlotCount; i++)\n");
-        push(@implContent, "        putAnonymousValue(i, JSValue());\n");
+        push(@implContent, "        putAnonymousValue(globalObject->globalData(), i, JSValue());\n");
     }
     push(@implContent, "}\n\n");
@@ -1603 +1603 @@
                     }
                     
-                    push(@implContent, "    castedThis->putAnonymousValue(" . $className . "::" . $attribute->signature->name . "Slot, result);\n") if ($attribute->signature->extendedAttributes->{"CachedAttribute"});
+                    push(@implContent, "    castedThis->putAnonymousValue(exec->globalData(), " . $className . "::" . $attribute->signature->name . "Slot, result);\n") if ($attribute->signature->extendedAttributes->{"CachedAttribute"});
                     push(@implContent, "    return result;\n");