Changeset 79904 in webkit

Timestamp:

Feb 28, 2011 1:05:22 PM (13 years ago)

Author:

oliver@apple.com

Message:

2011-02-28 Oliver Hunt <​oliver@apple.com>

Reviewed by Gavin Barraclough.

Make ScopeChainNode GC allocated
​https://bugs.webkit.org/show_bug.cgi?id=55283

Simplify lifetime and other issues with the scopechain
by making it gc allocated. This allows us to simplify
function exit and unwinding, as well as making the
current iterative refcounting go away.

• JavaScriptCore.exp:
• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
• bytecode/CodeBlock.cpp: (JSC::CodeBlock::createActivation):
• bytecode/StructureStubInfo.cpp:
• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::generate): (JSC::BytecodeGenerator::BytecodeGenerator): (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall): (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
• bytecompiler/BytecodeGenerator.h:
• debugger/Debugger.cpp: (JSC::Recompiler::operator()):
• debugger/DebuggerCallFrame.h: (JSC::DebuggerCallFrame::scopeChain):
• interpreter/CachedCall.h: (JSC::CachedCall::CachedCall):
• interpreter/CallFrame.h:
• interpreter/Interpreter.cpp: (JSC::depth): (JSC::Interpreter::unwindCallFrame): (JSC::Interpreter::throwException): (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::privateExecute):
• jit/JITCall.cpp: (JSC::JIT::compileOpCallInitializeCallFrame): (JSC::JIT::compileOpCall):
• jit/JITCall32_64.cpp: (JSC::JIT::compileOpCallInitializeCallFrame): (JSC::JIT::emit_op_ret): (JSC::JIT::emit_op_ret_object_or_this): (JSC::JIT::compileOpCall):
• jit/JITOpcodes.cpp: (JSC::JIT::emit_op_end): (JSC::JIT::emit_op_ret): (JSC::JIT::emit_op_ret_object_or_this):
• jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_end):
• jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION):
• jit/JITStubs.h:
• runtime/ArgList.cpp:
• runtime/Completion.cpp: (JSC::evaluate):
• runtime/Completion.h:
• runtime/DateConversion.cpp:
• runtime/Executable.cpp: (JSC::EvalExecutable::compileInternal): (JSC::ProgramExecutable::compileInternal): (JSC::FunctionExecutable::compileForCallInternal): (JSC::FunctionExecutable::compileForConstructInternal):
• runtime/FunctionConstructor.cpp: (JSC::constructFunction):
• runtime/GCActivityCallbackCF.cpp:
• runtime/Identifier.cpp:
• runtime/JSCell.h:
• runtime/JSChunk.cpp: Added.
• runtime/JSChunk.h: Added.
• runtime/JSFunction.cpp: (JSC::JSFunction::JSFunction): (JSC::JSFunction::markChildren): (JSC::JSFunction::getCallData): (JSC::JSFunction::getOwnPropertySlot): (JSC::JSFunction::getConstructData):
• runtime/JSFunction.h: (JSC::JSFunction::scope): (JSC::JSFunction::setScope):
• runtime/JSGlobalData.cpp: (JSC::JSGlobalData::JSGlobalData):
• runtime/JSGlobalData.h:
• runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::init): (JSC::JSGlobalObject::markChildren):
• runtime/JSGlobalObject.h: (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): (JSC::JSGlobalObject::globalScopeChain):
• runtime/JSGlobalObjectFunctions.cpp: (JSC::globalFuncEval):
• runtime/JSLock.cpp:
• runtime/JSNumberCell.cpp:
• runtime/JSZombie.cpp:
• runtime/MarkedBlock.cpp:
• runtime/MarkedSpace.cpp:
• runtime/PropertyNameArray.cpp:
• runtime/ScopeChain.cpp: (JSC::ScopeChainNode::print): (JSC::ScopeChainNode::localDepth): (JSC::ScopeChainNode::markChildren):
• runtime/ScopeChain.h: (JSC::ScopeChainNode::ScopeChainNode): (JSC::ScopeChainNode::createStructure): (JSC::ScopeChainNode::push): (JSC::ScopeChainNode::pop): (JSC::ScopeChainIterator::ScopeChainIterator): (JSC::ScopeChainIterator::operator*): (JSC::ScopeChainIterator::operator->): (JSC::ScopeChainIterator::operator++): (JSC::ScopeChainNode::begin): (JSC::ScopeChainNode::end): (JSC::ExecState::globalData): (JSC::ExecState::lexicalGlobalObject): (JSC::ExecState::globalThisValue):
• runtime/ScopeChainMark.h:
• wtf/DateMath.cpp:

2011-02-28 Oliver Hunt <​oliver@apple.com>

Reviewed by Gavin Barraclough.

Make ScopeChainNode GC allocated
​https://bugs.webkit.org/show_bug.cgi?id=55283

Update WebCore to deal with the absence of the ScopeChain
class.

• ForwardingHeaders/runtime/ScopeChain.h: Added.
• bindings/js/JSHTMLElementCustom.cpp: (WebCore::JSHTMLElement::pushEventHandlerScope):
• bindings/js/JSJavaScriptCallFrameCustom.cpp: (WebCore::JSJavaScriptCallFrame::scopeChain): (WebCore::JSJavaScriptCallFrame::scopeType):
• bindings/js/JSLazyEventListener.cpp: (WebCore::JSLazyEventListener::initializeJSFunction):
• bindings/js/JSMainThreadExecState.h: (WebCore::JSMainThreadExecState::evaluate):
• bindings/js/JSNodeCustom.cpp: (WebCore::JSNode::pushEventHandlerScope):
• bindings/js/JavaScriptCallFrame.cpp: (WebCore::JavaScriptCallFrame::scopeChain):
• bindings/js/JavaScriptCallFrame.h:
• bindings/scripts/CodeGeneratorJS.pm:
• bridge/c/c_class.cpp:
• bridge/c/c_runtime.cpp:
• bridge/jni/JNIBridge.cpp:
• bridge/qt/qt_runtime.cpp: (JSC::Bindings::QtConnectionObject::execute):
• plugins/PluginViewNone.cpp:

2011-02-28 Oliver Hunt <​oliver@apple.com>

Reviewed by Gavin Barraclough.

Make ScopeChainNode GC allocated
​https://bugs.webkit.org/show_bug.cgi?id=55283

More updates for the absence of the ScopeChain class

• WebView/WebScriptDebugDelegate.mm: (-[WebScriptCallFrame scopeChain]):

Location:

trunk/Source

Files:

• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.exp (modified) (2 diffs)
• JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def (modified) (1 diff)
• JavaScriptCore/bytecode/CodeBlock.cpp (modified) (1 diff)
• JavaScriptCore/bytecode/StructureStubInfo.cpp (modified) (1 diff)
• JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (13 diffs)
• JavaScriptCore/bytecompiler/BytecodeGenerator.h (modified) (3 diffs)
• JavaScriptCore/debugger/Debugger.cpp (modified) (1 diff)
• JavaScriptCore/debugger/DebuggerCallFrame.h (modified) (1 diff)
• JavaScriptCore/interpreter/CachedCall.h (modified) (1 diff)
• JavaScriptCore/interpreter/CallFrame.h (modified) (3 diffs)
• JavaScriptCore/interpreter/Interpreter.cpp (modified) (18 diffs)
• JavaScriptCore/jit/JITCall.cpp (modified) (2 diffs)
• JavaScriptCore/jit/JITCall32_64.cpp (modified) (4 diffs)
• JavaScriptCore/jit/JITOpcodes.cpp (modified) (3 diffs)
• JavaScriptCore/jit/JITOpcodes32_64.cpp (modified) (1 diff)
• JavaScriptCore/jit/JITStubs.cpp (modified) (12 diffs)
• JavaScriptCore/jit/JITStubs.h (modified) (1 diff)
• JavaScriptCore/runtime/ArgList.cpp (modified) (1 diff)
• JavaScriptCore/runtime/Completion.cpp (modified) (3 diffs)
• JavaScriptCore/runtime/Completion.h (modified) (2 diffs)
• JavaScriptCore/runtime/DateConversion.cpp (modified) (1 diff)
• JavaScriptCore/runtime/Executable.cpp (modified) (4 diffs)
• JavaScriptCore/runtime/FunctionConstructor.cpp (modified) (1 diff)
• JavaScriptCore/runtime/GCActivityCallbackCF.cpp (modified) (1 diff)
• JavaScriptCore/runtime/Identifier.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSCell.h (modified) (1 diff)
• JavaScriptCore/runtime/JSChunk.cpp (added)
• JavaScriptCore/runtime/JSChunk.h (added)
• JavaScriptCore/runtime/JSFunction.cpp (modified) (8 diffs)
• JavaScriptCore/runtime/JSFunction.h (modified) (2 diffs)
• JavaScriptCore/runtime/JSGlobalData.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSGlobalData.h (modified) (1 diff)
• JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/JSGlobalObject.h (modified) (3 diffs)
• JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSLock.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSNumberCell.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSZombie.cpp (modified) (1 diff)
• JavaScriptCore/runtime/MarkedBlock.cpp (modified) (1 diff)
• JavaScriptCore/runtime/MarkedSpace.cpp (modified) (1 diff)
• JavaScriptCore/runtime/PropertyNameArray.cpp (modified) (1 diff)
• JavaScriptCore/runtime/ScopeChain.cpp (modified) (3 diffs)
• JavaScriptCore/runtime/ScopeChain.h (modified) (5 diffs)
• JavaScriptCore/runtime/ScopeChainMark.h (modified) (1 diff)
• JavaScriptCore/wtf/DateMath.cpp (modified) (1 diff)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/ForwardingHeaders/runtime/ScopeChain.h (added)
• WebCore/bindings/js/JSHTMLElementCustom.cpp (modified) (1 diff)
• WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp (modified) (2 diffs)
• WebCore/bindings/js/JSLazyEventListener.cpp (modified) (1 diff)
• WebCore/bindings/js/JSMainThreadExecState.h (modified) (1 diff)
• WebCore/bindings/js/JSNodeCustom.cpp (modified) (1 diff)
• WebCore/bindings/js/JavaScriptCallFrame.cpp (modified) (1 diff)
• WebCore/bindings/js/JavaScriptCallFrame.h (modified) (1 diff)
• WebCore/bindings/scripts/CodeGeneratorJS.pm (modified) (1 diff)
• WebCore/bridge/c/c_class.cpp (modified) (1 diff)
• WebCore/bridge/c/c_runtime.cpp (modified) (1 diff)
• WebCore/bridge/jni/JNIBridge.cpp (modified) (1 diff)
• WebCore/bridge/qt/qt_runtime.cpp (modified) (2 diffs)
• WebCore/plugins/PluginViewNone.cpp (modified) (1 diff)
• WebKit/mac/ChangeLog (modified) (1 diff)
• WebKit/mac/WebView/WebScriptDebugDelegate.mm (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-02-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Make ScopeChainNode GC allocated
+        https://bugs.webkit.org/show_bug.cgi?id=55283
+
+        Simplify lifetime and other issues with the scopechain
+        by making it gc allocated.  This allows us to simplify
+        function exit and unwinding, as well as making the
+        current iterative refcounting go away.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::createActivation):
+        * bytecode/StructureStubInfo.cpp:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::generate):
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
+        * bytecompiler/BytecodeGenerator.h:
+        * debugger/Debugger.cpp:
+        (JSC::Recompiler::operator()):
+        * debugger/DebuggerCallFrame.h:
+        (JSC::DebuggerCallFrame::scopeChain):
+        * interpreter/CachedCall.h:
+        (JSC::CachedCall::CachedCall):
+        * interpreter/CallFrame.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::depth):
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::throwException):
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::executeCall):
+        (JSC::Interpreter::executeConstruct):
+        (JSC::Interpreter::privateExecute):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCall):
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::emit_op_ret):
+        (JSC::JIT::emit_op_ret_object_or_this):
+        (JSC::JIT::compileOpCall):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_end):
+        (JSC::JIT::emit_op_ret):
+        (JSC::JIT::emit_op_ret_object_or_this):
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::emit_op_end):
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+        * runtime/ArgList.cpp:
+        * runtime/Completion.cpp:
+        (JSC::evaluate):
+        * runtime/Completion.h:
+        * runtime/DateConversion.cpp:
+        * runtime/Executable.cpp:
+        (JSC::EvalExecutable::compileInternal):
+        (JSC::ProgramExecutable::compileInternal):
+        (JSC::FunctionExecutable::compileForCallInternal):
+        (JSC::FunctionExecutable::compileForConstructInternal):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunction):
+        * runtime/GCActivityCallbackCF.cpp:
+        * runtime/Identifier.cpp:
+        * runtime/JSCell.h:
+        * runtime/JSChunk.cpp: Added.
+        * runtime/JSChunk.h: Added.
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::markChildren):
+        (JSC::JSFunction::getCallData):
+        (JSC::JSFunction::getOwnPropertySlot):
+        (JSC::JSFunction::getConstructData):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::scope):
+        (JSC::JSFunction::setScope):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+        (JSC::JSGlobalObject::markChildren):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+        (JSC::JSGlobalObject::globalScopeChain):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+        * runtime/JSLock.cpp:
+        * runtime/JSNumberCell.cpp:
+        * runtime/JSZombie.cpp:
+        * runtime/MarkedBlock.cpp:
+        * runtime/MarkedSpace.cpp:
+        * runtime/PropertyNameArray.cpp:
+        * runtime/ScopeChain.cpp:
+        (JSC::ScopeChainNode::print):
+        (JSC::ScopeChainNode::localDepth):
+        (JSC::ScopeChainNode::markChildren):
+        * runtime/ScopeChain.h:
+        (JSC::ScopeChainNode::ScopeChainNode):
+        (JSC::ScopeChainNode::createStructure):
+        (JSC::ScopeChainNode::push):
+        (JSC::ScopeChainNode::pop):
+        (JSC::ScopeChainIterator::ScopeChainIterator):
+        (JSC::ScopeChainIterator::operator*):
+        (JSC::ScopeChainIterator::operator->):
+        (JSC::ScopeChainIterator::operator++):
+        (JSC::ScopeChainNode::begin):
+        (JSC::ScopeChainNode::end):
+        (JSC::ExecState::globalData):
+        (JSC::ExecState::lexicalGlobalObject):
+        (JSC::ExecState::globalThisValue):
+        * runtime/ScopeChainMark.h:
+        * wtf/DateMath.cpp:
+
 2011-02-27  Adam Barth  <abarth@webkit.org>
 

trunk/Source/JavaScriptCore/JavaScriptCore.exp

@@ -306 +306 @@
 __ZN3JSC8Profiler14startProfilingEPNS_9ExecStateERKNS_7UStringE
 __ZN3JSC8Profiler8profilerEv
-__ZN3JSC8evaluateEPNS_9ExecStateERNS_10ScopeChainERKNS_10SourceCodeENS_7JSValueE
+__ZN3JSC8evaluateEPNS_9ExecStateEPNS_14ScopeChainNodeERKNS_10SourceCodeENS_7JSValueE
 __ZN3JSC9CodeBlockD1Ev
 __ZN3JSC9CodeBlockD2Ev
@@ -588 +588 @@
 __ZTVN3JSC12StringObjectE
 __ZTVN3JSC14JSGlobalObjectE
+__ZTVN3JSC14ScopeChainNodeE
 __ZTVN3JSC15JSWrapperObjectE
 __ZTVN3JSC16InternalFunctionE

trunk/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def

@@ -151 +151 @@
     ?equalUTF16WithUTF8@Unicode@WTF@@YA_NPB_W0PBD1@Z
     ?evaluate@DebuggerCallFrame@JSC@@QBE?AVJSValue@2@ABVUString@2@AAV32@@Z
-    ?evaluate@JSC@@YA?AVCompletion@1@PAVExecState@1@AAVScopeChain@1@ABVSourceCode@1@VJSValue@1@@Z
+    ?evaluate@JSC@@YA?AVCompletion@1@PAVExecState@1@PAVScopeChainNode@1@ABVSourceCode@1@VJSValue@1@@Z
     ?exclude@Profile@JSC@@QAEXPBVProfileNode@2@@Z
     ?fastCalloc@WTF@@YAPAXII@Z

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -1698 +1698 @@
     JSActivation* activation = new (callFrame) JSActivation(callFrame, static_cast<FunctionExecutable*>(ownerExecutable()));
     callFrame->uncheckedR(activationRegister()) = JSValue(activation);
-    callFrame->setScopeChain(callFrame->scopeChain()->copy()->push(activation));
+    callFrame->setScopeChain(callFrame->scopeChain()->push(activation));
 }
 

trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp

@@ -26 +26 @@
 #include "config.h"
 #include "StructureStubInfo.h"
+
+#include "ScopeChain.h"
 
 namespace JSC {

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -34 +34 @@
 #include "JSFunction.h"
 #include "Interpreter.h"
+#include "ScopeChain.h"
 #include "UString.h"
 
@@ -147 +148 @@
 
     if (s_dumpsGeneratedCode)
-        m_codeBlock->dump(m_scopeChain->globalObject()->globalExec());
+        m_codeBlock->dump(m_scopeChain->globalObject->globalExec());
 #endif
 
@@ -156 +157 @@
 
     if (m_expressionTooDeep)
-        return createOutOfMemoryError(m_scopeChain->globalObject());
+        return createOutOfMemoryError(m_scopeChain->globalObject.get());
     return 0;
 }
@@ -198 +199 @@
 }
 
-BytecodeGenerator::BytecodeGenerator(ProgramNode* programNode, const ScopeChain& scopeChain, SymbolTable* symbolTable, ProgramCodeBlock* codeBlock)
-    : m_shouldEmitDebugHooks(scopeChain.globalObject()->debugger())
-    , m_shouldEmitProfileHooks(scopeChain.globalObject()->supportsProfiling())
-    , m_shouldEmitRichSourceInfo(scopeChain.globalObject()->supportsRichSourceInfo())
-    , m_scopeChain(&scopeChain)
+BytecodeGenerator::BytecodeGenerator(ProgramNode* programNode, ScopeChainNode* scopeChain, SymbolTable* symbolTable, ProgramCodeBlock* codeBlock)
+    : m_shouldEmitDebugHooks(scopeChain->globalObject->debugger())
+    , m_shouldEmitProfileHooks(scopeChain->globalObject->supportsProfiling())
+    , m_shouldEmitRichSourceInfo(scopeChain->globalObject->supportsRichSourceInfo())
+    , m_scopeChain(*scopeChain->globalData, scopeChain)
     , m_symbolTable(symbolTable)
     , m_scopeNode(programNode)
@@ -217 +218 @@
     , m_firstLazyFunction(0)
     , m_lastLazyFunction(0)
-    , m_globalData(&scopeChain.globalObject()->globalData())
+    , m_globalData(scopeChain->globalData)
     , m_lastOpcodeID(op_end)
 #ifndef NDEBUG
@@ -238 +239 @@
     m_codeBlock->m_numParameters = 1; // Allocate space for "this"
 
-    JSGlobalObject* globalObject = scopeChain.globalObject();
+    JSGlobalObject* globalObject = scopeChain->globalObject.get();
     ExecState* exec = globalObject->globalExec();
     RegisterFile* registerFile = &exec->globalData().interpreter->registerFile();
@@ -283 +284 @@
         for (size_t i = 0; i < functionStack.size(); ++i) {
             FunctionBodyNode* function = functionStack[i];
-            globalObject->putWithAttributes(exec, function->ident(), new (exec) JSFunction(exec, makeFunction(exec, function), scopeChain.node()), DontDelete);
+            globalObject->putWithAttributes(exec, function->ident(), new (exec) JSFunction(exec, makeFunction(exec, function), scopeChain), DontDelete);
         }
         for (size_t i = 0; i < varStack.size(); ++i) {
@@ -299 +300 @@
 }
 
-BytecodeGenerator::BytecodeGenerator(FunctionBodyNode* functionBody, const ScopeChain& scopeChain, SymbolTable* symbolTable, CodeBlock* codeBlock)
-    : m_shouldEmitDebugHooks(scopeChain.globalObject()->debugger())
-    , m_shouldEmitProfileHooks(scopeChain.globalObject()->supportsProfiling())
-    , m_shouldEmitRichSourceInfo(scopeChain.globalObject()->supportsRichSourceInfo())
-    , m_scopeChain(&scopeChain)
+BytecodeGenerator::BytecodeGenerator(FunctionBodyNode* functionBody, ScopeChainNode* scopeChain, SymbolTable* symbolTable, CodeBlock* codeBlock)
+    : m_shouldEmitDebugHooks(scopeChain->globalObject->debugger())
+    , m_shouldEmitProfileHooks(scopeChain->globalObject->supportsProfiling())
+    , m_shouldEmitRichSourceInfo(scopeChain->globalObject->supportsRichSourceInfo())
+    , m_scopeChain(*scopeChain->globalData, scopeChain)
     , m_symbolTable(symbolTable)
     , m_scopeNode(functionBody)
@@ -317 +318 @@
     , m_firstLazyFunction(0)
     , m_lastLazyFunction(0)
-    , m_globalData(&scopeChain.globalObject()->globalData())
+    , m_globalData(scopeChain->globalData)
     , m_lastOpcodeID(op_end)
 #ifndef NDEBUG
@@ -465 +466 @@
 }
 
-BytecodeGenerator::BytecodeGenerator(EvalNode* evalNode, const ScopeChain& scopeChain, SymbolTable* symbolTable, EvalCodeBlock* codeBlock)
-    : m_shouldEmitDebugHooks(scopeChain.globalObject()->debugger())
-    , m_shouldEmitProfileHooks(scopeChain.globalObject()->supportsProfiling())
-    , m_shouldEmitRichSourceInfo(scopeChain.globalObject()->supportsRichSourceInfo())
-    , m_scopeChain(&scopeChain)
+BytecodeGenerator::BytecodeGenerator(EvalNode* evalNode, ScopeChainNode* scopeChain, SymbolTable* symbolTable, EvalCodeBlock* codeBlock)
+    : m_shouldEmitDebugHooks(scopeChain->globalObject->debugger())
+    , m_shouldEmitProfileHooks(scopeChain->globalObject->supportsProfiling())
+    , m_shouldEmitRichSourceInfo(scopeChain->globalObject->supportsRichSourceInfo())
+    , m_scopeChain(*scopeChain->globalData, scopeChain)
     , m_symbolTable(symbolTable)
     , m_scopeNode(evalNode)
@@ -483 +484 @@
     , m_firstLazyFunction(0)
     , m_lastLazyFunction(0)
-    , m_globalData(&scopeChain.globalObject()->globalData())
+    , m_globalData(scopeChain->globalData)
     , m_lastOpcodeID(op_end)
 #ifndef NDEBUG
@@ -908 +909 @@
     emitOpcode(op_jneq_ptr);
     instructions().append(cond->index());
-    instructions().append(m_scopeChain->globalObject()->d()->callFunction.get());
+    instructions().append(m_scopeChain->globalObject->d()->callFunction.get());
     instructions().append(target->bind(begin, instructions().size()));
     return target;
@@ -919 +920 @@
     emitOpcode(op_jneq_ptr);
     instructions().append(cond->index());
-    instructions().append(m_scopeChain->globalObject()->d()->applyFunction.get());
+    instructions().append(m_scopeChain->globalObject->d()->applyFunction.get());
     instructions().append(target->bind(begin, instructions().size()));
     return target;

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -48 +48 @@
 
     class Identifier;
-    class ScopeChain;
-    class ScopeNode;
+    class ScopeChainNode;
 
     class CallArguments {
@@ -94 +93 @@
         static bool dumpsGeneratedCode();
 
-        BytecodeGenerator(ProgramNode*, const ScopeChain&, SymbolTable*, ProgramCodeBlock*);
-        BytecodeGenerator(FunctionBodyNode*, const ScopeChain&, SymbolTable*, CodeBlock*);
-        BytecodeGenerator(EvalNode*, const ScopeChain&, SymbolTable*, EvalCodeBlock*);
+        BytecodeGenerator(ProgramNode*, ScopeChainNode*, SymbolTable*, ProgramCodeBlock*);
+        BytecodeGenerator(FunctionBodyNode*, ScopeChainNode*, SymbolTable*, CodeBlock*);
+        BytecodeGenerator(EvalNode*, ScopeChainNode*, SymbolTable*, EvalCodeBlock*);
 
         JSGlobalData* globalData() const { return m_globalData; }
@@ -521 +520 @@
         bool m_shouldEmitRichSourceInfo;
 
-        const ScopeChain* m_scopeChain;
+        Global<ScopeChainNode> m_scopeChain;
         SymbolTable* m_symbolTable;
 

trunk/Source/JavaScriptCore/debugger/Debugger.cpp

@@ -77 +77 @@
         return;
 
-    ExecState* exec = function->scope().globalObject()->JSGlobalObject::globalExec();
+    ExecState* exec = function->scope()->globalObject->JSGlobalObject::globalExec();
     executable->discardCode();
-    if (m_debugger == function->scope().globalObject()->debugger())
+    if (m_debugger == function->scope()->globalObject->debugger())
         m_sourceProviders.add(executable->source().provider(), exec);
 }

trunk/Source/JavaScriptCore/debugger/DebuggerCallFrame.h

@@ -50 +50 @@
 
         JSGlobalObject* dynamicGlobalObject() const { return m_callFrame->dynamicGlobalObject(); }
-        const ScopeChainNode* scopeChain() const { return m_callFrame->scopeChain(); }
+        ScopeChainNode* scopeChain() const { return m_callFrame->scopeChain(); }
         const UString* functionName() const;
         UString calculatedFunctionName() const;

trunk/Source/JavaScriptCore/interpreter/CachedCall.h

@@ -39 +39 @@
             : m_valid(false)
             , m_interpreter(callFrame->interpreter())
-            , m_globalObjectScope(callFrame, function->scope().globalObject())
+            , m_globalObjectScope(callFrame, function->scope()->globalObject.get())
         {
             ASSERT(!function->isHostFunction());
-            m_closure = m_interpreter->prepareForRepeatCall(function->jsExecutable(), callFrame, function, argCount, function->scope().node());
+            m_closure = m_interpreter->prepareForRepeatCall(function->jsExecutable(), callFrame, function, argCount, function->scope());
             m_valid = !callFrame->hadException();
         }

trunk/Source/JavaScriptCore/interpreter/CallFrame.h

@@ -27 +27 @@
 #include "MacroAssemblerCodeRef.h"
 #include "RegisterFile.h"
-#include "ScopeChain.h"
 
 namespace JSC  {
@@ -34 +33 @@
     class JSActivation;
     class Interpreter;
+    class ScopeChainNode;
 
     // Represents the current state of script execution.
@@ -52 +52 @@
         // Global object in which the currently executing code was defined.
         // Differs from dynamicGlobalObject() during function calls across web browser frames.
-        JSGlobalObject* lexicalGlobalObject() const
-        {
-            return scopeChain()->globalObject;
-        }
+        inline JSGlobalObject* lexicalGlobalObject() const;
 
         // Differs from lexicalGlobalObject because this will have DOM window shell rather than
         // the actual DOM window, which can't be "this" for security reasons.
-        JSObject* globalThisValue() const
-        {
-            return scopeChain()->globalThis;
-        }
+        inline JSObject* globalThisValue() const;
 
-        JSGlobalData& globalData() const
-        {
-            ASSERT(scopeChain()->globalData);
-            return *scopeChain()->globalData;
-        }
+        inline JSGlobalData& globalData() const;
 
         // Convenience functions for access to global data.

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -77 +77 @@
 
 // Returns the depth of the scope chain within a given call frame.
-static int depth(CodeBlock* codeBlock, ScopeChain& sc)
+static int depth(CodeBlock* codeBlock, ScopeChainNode* sc)
 {
     if (!codeBlock->needsFullScopeChain())
         return 0;
-    return sc.localDepth();
+    return sc->localDepth();
 }
 
@@ -580 +580 @@
     }
 
-    if (oldCodeBlock->needsFullScopeChain())
-        scopeChain->deref();
-
     CallFrame* callerFrame = callFrame->callerFrame();
     if (callerFrame->hasHostCallFrameFlag())
@@ -711 +708 @@
     // Unwind the scope chain within the exception handler's call frame.
     ScopeChainNode* scopeChain = callFrame->scopeChain();
-    ScopeChain sc(scopeChain);
     int scopeDelta = 0;
     if (!codeBlock->needsFullScopeChain() || codeBlock->codeType() != FunctionCode 
         || callFrame->uncheckedR(codeBlock->activationRegister()).jsValue())
-        scopeDelta = depth(codeBlock, sc) - handler->scopeDepth;
+        scopeDelta = depth(codeBlock, scopeChain) - handler->scopeDepth;
     ASSERT(scopeDelta >= 0);
     while (scopeDelta--)
@@ -762 +758 @@
     newCallFrame->uncheckedR(newCallFrame->hostThisRegister()) = JSValue(thisObj);
 
-    if (codeBlock->needsFullScopeChain())
-        scopeChain->ref();
-
-    DynamicGlobalObjectScope globalObjectScope(callFrame, scopeChain->globalObject);
+    DynamicGlobalObjectScope globalObjectScope(callFrame, scopeChain->globalObject.get());
 
     Profiler** profiler = Profiler::enabledProfilerReference();
@@ -836 +829 @@
         newCallFrame->init(newCodeBlock, 0, callDataScopeChain, callFrame->addHostCallFrameFlag(), argCount, function);
 
-        DynamicGlobalObjectScope globalObjectScope(newCallFrame, callDataScopeChain->globalObject);
+        DynamicGlobalObjectScope globalObjectScope(newCallFrame, callDataScopeChain->globalObject.get());
 
         Profiler** profiler = Profiler::enabledProfilerReference();
@@ -868 +861 @@
     newCallFrame->init(0, 0, scopeChain, callFrame->addHostCallFrameFlag(), argCount, function);
 
-    DynamicGlobalObjectScope globalObjectScope(newCallFrame, scopeChain->globalObject);
+    DynamicGlobalObjectScope globalObjectScope(newCallFrame, scopeChain->globalObject.get());
 
     Profiler** profiler = Profiler::enabledProfilerReference();
@@ -925 +918 @@
         newCallFrame->init(newCodeBlock, 0, constructDataScopeChain, callFrame->addHostCallFrameFlag(), argCount, constructor);
 
-        DynamicGlobalObjectScope globalObjectScope(newCallFrame, constructDataScopeChain->globalObject);
+        DynamicGlobalObjectScope globalObjectScope(newCallFrame, constructDataScopeChain->globalObject.get());
 
         Profiler** profiler = Profiler::enabledProfilerReference();
@@ -960 +953 @@
     newCallFrame->init(0, 0, scopeChain, callFrame->addHostCallFrameFlag(), argCount, constructor);
 
-    DynamicGlobalObjectScope globalObjectScope(newCallFrame, scopeChain->globalObject);
+    DynamicGlobalObjectScope globalObjectScope(newCallFrame, scopeChain->globalObject.get());
 
     Profiler** profiler = Profiler::enabledProfilerReference();
@@ -1077 +1070 @@
         return checkedReturn(throwStackOverflowError(callFrame));
 
-    DynamicGlobalObjectScope globalObjectScope(callFrame, scopeChain->globalObject);
+    DynamicGlobalObjectScope globalObjectScope(callFrame, scopeChain->globalObject.get());
 
     JSObject* compileError = eval->compile(callFrame, scopeChain);
@@ -1085 +1078 @@
 
     JSObject* variableObject;
-    for (ScopeChainNode* node = scopeChain; ; node = node->next) {
+    for (ScopeChainNode* node = scopeChain; ; node = node->next.get()) {
         ASSERT(node);
         if (node->object->isVariableObject()) {
@@ -1133 +1126 @@
     newCallFrame->init(codeBlock, 0, scopeChain, callFrame->addHostCallFrameFlag(), codeBlock->m_numParameters, 0);
     newCallFrame->uncheckedR(newCallFrame->hostThisRegister()) = JSValue(thisObj);
-
-    if (codeBlock->needsFullScopeChain())
-        scopeChain->ref();
 
     Profiler** profiler = Profiler::enabledProfilerReference();
@@ -3806 +3796 @@
         if (!function->name().isNull()) {
             JSStaticScopeObject* functionScopeObject = new (callFrame) JSStaticScopeObject(callFrame, function->name(), func, ReadOnly | DontDelete);
-            func->scope().push(functionScopeObject);
+            func->setScope(*globalData, func->scope()->push(functionScopeObject));
         }
 
@@ -3836 +3826 @@
         Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
         JSValue thisValue = argv[0].jsValue();
-        JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject;
+        JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject.get();
 
         if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
@@ -4151 +4141 @@
         int result = vPC[1].u.operand;
 
-        if (callFrame->codeBlock()->needsFullScopeChain() && callFrame->r(codeBlock->activationRegister()).jsValue())
-            callFrame->scopeChain()->deref();
-
         JSValue returnValue = callFrame->r(result).jsValue();
 
@@ -4192 +4179 @@
         int result = vPC[1].u.operand;
 
-        if (codeBlock->needsFullScopeChain() && callFrame->r(codeBlock->activationRegister()).jsValue())
-            callFrame->scopeChain()->deref();
-
         JSValue returnValue = callFrame->r(result).jsValue();
 
@@ -4239 +4223 @@
             JSActivation* activation = new (globalData) JSActivation(callFrame, static_cast<FunctionExecutable*>(codeBlock->ownerExecutable()));
             callFrame->r(activationReg) = JSValue(activation);
-            callFrame->setScopeChain(callFrame->scopeChain()->copy()->push(activation));
+            callFrame->setScopeChain(callFrame->scopeChain()->push(activation));
         }
         vPC += OPCODE_LENGTH(op_create_activation);
@@ -4278 +4262 @@
             structure = asObject(proto)->inheritorID();
         else
-            structure = constructor->scope().node()->globalObject->emptyObjectStructure();
+            structure = constructor->scope()->globalObject->emptyObjectStructure();
         callFrame->uncheckedR(thisRegister) = constructEmptyObject(callFrame, structure);
 
@@ -4644 +4628 @@
         */
 
-        if (codeBlock->needsFullScopeChain()) {
-            ScopeChainNode* scopeChain = callFrame->scopeChain();
-            ASSERT(scopeChain->refCount > 1);
-            scopeChain->deref();
-        }
         int result = vPC[1].u.operand;
         return callFrame->r(result).jsValue();

trunk/Source/JavaScriptCore/jit/JITCall.cpp

@@ -50 +50 @@
 {
     store32(regT1, Address(callFrameRegister, RegisterFile::ArgumentCount * static_cast<int>(sizeof(Register))));
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain) + OBJECT_OFFSETOF(ScopeChain, m_node)), regT3); // newScopeChain
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain)), regT3); // newScopeChain
     storePtr(regT0, Address(callFrameRegister, RegisterFile::Callee * static_cast<int>(sizeof(Register))));
     storePtr(regT3, Address(callFrameRegister, RegisterFile::ScopeChain * static_cast<int>(sizeof(Register))));
@@ -199 +199 @@
     // Note that this omits to set up RegisterFile::CodeBlock, which is set in the callee
 
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain) + OBJECT_OFFSETOF(ScopeChain, m_node)), regT1); // newScopeChain
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain)), regT1); // newScopeChain
 
     store32(Imm32(argCount), Address(callFrameRegister, (registerOffset + RegisterFile::ArgumentCount) * static_cast<int>(sizeof(Register))));

trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp

@@ -51 +51 @@
     // regT0 holds callee, regT1 holds argCount
     store32(regT1, Address(callFrameRegister, RegisterFile::ArgumentCount * static_cast<int>(sizeof(Register))));
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain) + OBJECT_OFFSETOF(ScopeChain, m_node)), regT3); // scopeChain
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain)), regT3); // scopeChain
     storePtr(regT0, Address(callFrameRegister, RegisterFile::Callee * static_cast<int>(sizeof(Register)))); // callee
     storePtr(regT3, Address(callFrameRegister, RegisterFile::ScopeChain * static_cast<int>(sizeof(Register)))); // scopeChain
@@ -108 +108 @@
     unsigned dst = currentInstruction[1].u.operand;
 
-    // We could JIT generate the deref, only calling out to C when the refcount hits zero.
-    if (m_codeBlock->needsFullScopeChain()) {
-        Jump activationNotCreated = branch32(Equal, tagFor(m_codeBlock->activationRegister()), Imm32(JSValue::EmptyValueTag));
-        JITStubCall(this, cti_op_ret_scopeChain).call();
-        activationNotCreated.link(this);
-    }
     emitLoad(dst, regT1, regT0);
     emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT2);
@@ -126 +120 @@
     unsigned result = currentInstruction[1].u.operand;
     unsigned thisReg = currentInstruction[2].u.operand;
-
-    // We could JIT generate the deref, only calling out to C when the refcount hits zero.
-    if (m_codeBlock->needsFullScopeChain()) {
-        Jump activationNotCreated = branch32(Equal, tagFor(m_codeBlock->activationRegister()), Imm32(JSValue::EmptyValueTag));
-        JITStubCall(this, cti_op_ret_scopeChain).call();
-        activationNotCreated.link(this);
-    }
 
     emitLoad(result, regT1, regT0);
@@ -292 +279 @@
     // Fast version of stack frame initialization, directly relative to edi.
     // Note that this omits to set up RegisterFile::CodeBlock, which is set in the callee
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain) + OBJECT_OFFSETOF(ScopeChain, m_node)), regT2);
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain)), regT2);
 
     store32(Imm32(argCount), Address(callFrameRegister, (registerOffset + RegisterFile::ArgumentCount) * static_cast<int>(sizeof(Register))));

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

@@ -331 +331 @@
 void JIT::emit_op_end(Instruction* currentInstruction)
 {
-    if (m_codeBlock->needsFullScopeChain())
-        JITStubCall(this, cti_op_end).call();
-
     ASSERT(returnValueRegister != callFrameRegister);
     emitGetVirtualRegister(currentInstruction[1].u.operand, returnValueRegister);
@@ -544 +541 @@
 void JIT::emit_op_ret(Instruction* currentInstruction)
 {
-    // We could JIT generate the deref, only calling out to C when the refcount hits zero.
-    if (m_codeBlock->needsFullScopeChain()) {
-        Jump activationNotCreated = branchTestPtr(Zero, addressFor(m_codeBlock->activationRegister()));
-        JITStubCall(this, cti_op_ret_scopeChain).call();
-        activationNotCreated.link(this);
-    }
     ASSERT(callFrameRegister != regT1);
     ASSERT(regT1 != returnValueRegister);
@@ -570 +561 @@
 void JIT::emit_op_ret_object_or_this(Instruction* currentInstruction)
 {
-    // We could JIT generate the deref, only calling out to C when the refcount hits zero.
-    if (m_codeBlock->needsFullScopeChain()) {
-        Jump activationNotCreated = branchTestPtr(Zero, addressFor(m_codeBlock->activationRegister()));
-        JITStubCall(this, cti_op_ret_scopeChain).call();
-        activationNotCreated.link(this);
-    }
-
     ASSERT(callFrameRegister != regT1);
     ASSERT(regT1 != returnValueRegister);

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

@@ -449 +449 @@
 void JIT::emit_op_end(Instruction* currentInstruction)
 {
-    if (m_codeBlock->needsFullScopeChain())
-        JITStubCall(this, cti_op_end).call();
     ASSERT(returnValueRegister != callFrameRegister);
     emitLoad(currentInstruction[1].u.operand, regT1, regT0);

trunk/Source/JavaScriptCore/jit/JITStubs.cpp

@@ -1175 +1175 @@
         structure = asObject(proto)->inheritorID();
     else
-        structure = constructor->scope().node()->globalObject->emptyObjectStructure();
+        structure = constructor->scope()->globalObject->emptyObjectStructure();
     JSValue result = constructEmptyObject(callFrame, structure);
 
@@ -1203 +1203 @@
     CHECK_FOR_EXCEPTION_AT_END();
     return JSValue::encode(result);
-}
-
-DEFINE_STUB_FUNCTION(void, op_end)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    ScopeChainNode* scopeChain = stackFrame.callFrame->scopeChain();
-    ASSERT(scopeChain->refCount > 1);
-    scopeChain->deref();
 }
 
@@ -1848 +1839 @@
     ASSERT(!function->isHostFunction());
     FunctionExecutable* executable = function->jsExecutable();
-    ScopeChainNode* callDataScopeChain = function->scope().node();
+    ScopeChainNode* callDataScopeChain = function->scope();
     JSObject* error = executable->compileForCall(stackFrame.callFrame, callDataScopeChain);
     if (error) {
@@ -1869 +1860 @@
     ASSERT(!function->isHostFunction());
     FunctionExecutable* executable = function->jsExecutable();
-    ScopeChainNode* callDataScopeChain = function->scope().node();
+    ScopeChainNode* callDataScopeChain = function->scope();
     JSObject* error = executable->compileForConstruct(stackFrame.callFrame, callDataScopeChain);
     if (error) {
@@ -1930 +1921 @@
     callFrame->setArgumentCountIncludingThis(argCount);
     callFrame->setCallee(callee);
-    callFrame->setScopeChain(callee->scope().node());
+    callFrame->setScopeChain(callee->scope());
     callFrame->setReturnPC(pc.value());
 
@@ -1989 +1980 @@
     callFrame->setArgumentCountIncludingThis(argCount);
     callFrame->setCallee(callee);
-    callFrame->setScopeChain(callee->scope().node());
+    callFrame->setScopeChain(callee->scope());
     callFrame->setReturnPC(pc.value());
 
@@ -2010 +2001 @@
     else {
         FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
-        JSObject* error = functionExecutable->compileForCall(callFrame, callee->scope().node());
+        JSObject* error = functionExecutable->compileForCall(callFrame, callee->scope());
         if (error) {
             callFrame->globalData().exception = createStackOverflowError(callFrame);
@@ -2044 +2035 @@
     else {
         FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
-        JSObject* error = functionExecutable->compileForConstruct(callFrame, callee->scope().node());
+        JSObject* error = functionExecutable->compileForConstruct(callFrame, callee->scope());
         if (error) {
             throwStackOverflowError(callFrame, stackFrame.globalData, ReturnAddressPtr(callFrame->returnPC()), STUB_RETURN_ADDRESS);
@@ -2071 +2062 @@
 
     JSActivation* activation = new (stackFrame.globalData) JSActivation(stackFrame.callFrame, static_cast<FunctionExecutable*>(stackFrame.callFrame->codeBlock()->ownerExecutable()));
-    stackFrame.callFrame->setScopeChain(stackFrame.callFrame->scopeChain()->copy()->push(activation));
+    stackFrame.callFrame->setScopeChain(stackFrame.callFrame->scopeChain()->push(activation));
     return activation;
 }
@@ -2173 +2164 @@
     ASSERT(*stackFrame.enabledProfilerReference);
     (*stackFrame.enabledProfilerReference)->didExecute(stackFrame.callFrame, stackFrame.args[0].jsValue());
-}
-
-DEFINE_STUB_FUNCTION(void, op_ret_scopeChain)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    ASSERT(stackFrame.callFrame->codeBlock()->needsFullScopeChain());
-    stackFrame.callFrame->scopeChain()->deref();
 }
 
@@ -3009 +2992 @@
     if (!function->name().isNull()) {
         JSStaticScopeObject* functionScopeObject = new (callFrame) JSStaticScopeObject(callFrame, function->name(), func, ReadOnly | DontDelete);
-        func->scope().push(functionScopeObject);
+        func->setScope(callFrame->globalData(), func->scope()->push(functionScopeObject));
     }
 
@@ -3119 +3102 @@
     Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
     JSValue baseValue = argv[0].jsValue();
-    JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject;
+    JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject.get();
 
     if (baseValue == globalObject && funcVal == globalObject->evalFunction()) {

trunk/Source/JavaScriptCore/jit/JITStubs.h

@@ -391 +391 @@
     void JIT_STUB cti_op_put_getter(STUB_ARGS_DECLARATION);
     void JIT_STUB cti_op_put_setter(STUB_ARGS_DECLARATION);
-    void JIT_STUB cti_op_ret_scopeChain(STUB_ARGS_DECLARATION);
     void JIT_STUB cti_op_tear_off_activation(STUB_ARGS_DECLARATION);
     void JIT_STUB cti_op_tear_off_arguments(STUB_ARGS_DECLARATION);

trunk/Source/JavaScriptCore/runtime/ArgList.cpp

@@ -24 +24 @@
 #include "JSValue.h"
 #include "JSCell.h"
+#include "ScopeChain.h"
 
 using std::min;

trunk/Source/JavaScriptCore/runtime/Completion.cpp

@@ -48 +48 @@
 }
 
-Completion evaluate(ExecState* exec, ScopeChain& scopeChain, const SourceCode& source, JSValue thisValue)
+Completion evaluate(ExecState* exec, ScopeChainNode* scopeChain, const SourceCode& source, JSValue thisValue)
 {
     JSLock lock(exec);
@@ -54 +54 @@
 
     RefPtr<ProgramExecutable> program = ProgramExecutable::create(exec, source);
-    JSObject* error = program->compile(exec, scopeChain.node());
+    JSObject* error = program->compile(exec, scopeChain);
     if (error)
         return Completion(Throw, error);
@@ -60 +60 @@
     JSObject* thisObj = (!thisValue || thisValue.isUndefinedOrNull()) ? exec->dynamicGlobalObject() : thisValue.toObject(exec);
 
-    JSValue result = exec->interpreter()->execute(program.get(), exec, scopeChain.node(), thisObj);
+    JSValue result = exec->interpreter()->execute(program.get(), exec, scopeChain, thisObj);
 
     if (exec->hadException()) {

trunk/Source/JavaScriptCore/runtime/Completion.h

@@ -29 +29 @@
 
     class ExecState;
-    class ScopeChain;
+    class ScopeChainNode;
     class SourceCode;
 
@@ -57 +57 @@
 
     Completion checkSyntax(ExecState*, const SourceCode&);
-    Completion evaluate(ExecState*, ScopeChain&, const SourceCode&, JSValue thisValue = JSValue());
+    Completion evaluate(ExecState*, ScopeChainNode*, const SourceCode&, JSValue thisValue = JSValue());
 
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/DateConversion.cpp

@@ -45 +45 @@
 
 #include "CallFrame.h"
+#include "ScopeChain.h"
 #include "UString.h"
 #include <wtf/DateMath.h>

trunk/Source/JavaScriptCore/runtime/Executable.cpp

@@ -102 +102 @@
     recordParse(evalNode->features(), evalNode->hasCapturedVariables(), evalNode->lineNo(), evalNode->lastLine());
 
-    ScopeChain scopeChain(scopeChainNode);
-    JSGlobalObject* globalObject = scopeChain.globalObject();
+    JSGlobalObject* globalObject = scopeChainNode->globalObject.get();
 
     ASSERT(!m_evalCodeBlock);
-    m_evalCodeBlock = adoptPtr(new EvalCodeBlock(this, globalObject, source().provider(), scopeChain.localDepth()));
-    OwnPtr<BytecodeGenerator> generator(adoptPtr(new BytecodeGenerator(evalNode.get(), scopeChain, m_evalCodeBlock->symbolTable(), m_evalCodeBlock.get())));
+    m_evalCodeBlock = adoptPtr(new EvalCodeBlock(this, globalObject, source().provider(), scopeChainNode->localDepth()));
+    OwnPtr<BytecodeGenerator> generator(adoptPtr(new BytecodeGenerator(evalNode.get(), scopeChainNode, m_evalCodeBlock->symbolTable(), m_evalCodeBlock.get())));
     if ((exception = generator->generate())) {
         m_evalCodeBlock.clear();
@@ -155 +154 @@
     recordParse(programNode->features(), programNode->hasCapturedVariables(), programNode->lineNo(), programNode->lastLine());
 
-    ScopeChain scopeChain(scopeChainNode);
-    JSGlobalObject* globalObject = scopeChain.globalObject();
+    JSGlobalObject* globalObject = scopeChainNode->globalObject.get();
     
     m_programCodeBlock = adoptPtr(new ProgramCodeBlock(this, GlobalCode, globalObject, source().provider()));
-    OwnPtr<BytecodeGenerator> generator(adoptPtr(new BytecodeGenerator(programNode.get(), scopeChain, &globalObject->symbolTable(), m_programCodeBlock.get())));
+    OwnPtr<BytecodeGenerator> generator(adoptPtr(new BytecodeGenerator(programNode.get(), scopeChainNode, &globalObject->symbolTable(), m_programCodeBlock.get())));
     if ((exception = generator->generate())) {
         m_programCodeBlock.clear();
@@ -195 +193 @@
     recordParse(body->features(), body->hasCapturedVariables(), body->lineNo(), body->lastLine());
 
-    ScopeChain scopeChain(scopeChainNode);
-    JSGlobalObject* globalObject = scopeChain.globalObject();
+    JSGlobalObject* globalObject = scopeChainNode->globalObject.get();
 
     ASSERT(!m_codeBlockForCall);
     m_codeBlockForCall = adoptPtr(new FunctionCodeBlock(this, FunctionCode, globalObject, source().provider(), source().startOffset(), false));
-    OwnPtr<BytecodeGenerator> generator(adoptPtr(new BytecodeGenerator(body.get(), scopeChain, m_codeBlockForCall->symbolTable(), m_codeBlockForCall.get())));
+    OwnPtr<BytecodeGenerator> generator(adoptPtr(new BytecodeGenerator(body.get(), scopeChainNode, m_codeBlockForCall->symbolTable(), m_codeBlockForCall.get())));
     if ((exception = generator->generate())) {
         m_codeBlockForCall.clear();
@@ -241 +238 @@
     recordParse(body->features(), body->hasCapturedVariables(), body->lineNo(), body->lastLine());
 
-    ScopeChain scopeChain(scopeChainNode);
-    JSGlobalObject* globalObject = scopeChain.globalObject();
+    JSGlobalObject* globalObject = scopeChainNode->globalObject.get();
 
     ASSERT(!m_codeBlockForConstruct);
     m_codeBlockForConstruct = adoptPtr(new FunctionCodeBlock(this, FunctionCode, globalObject, source().provider(), source().startOffset(), true));
-    OwnPtr<BytecodeGenerator> generator(adoptPtr(new BytecodeGenerator(body.get(), scopeChain, m_codeBlockForConstruct->symbolTable(), m_codeBlockForConstruct.get())));
+    OwnPtr<BytecodeGenerator> generator(adoptPtr(new BytecodeGenerator(body.get(), scopeChainNode, m_codeBlockForConstruct->symbolTable(), m_codeBlockForConstruct.get())));
     if ((exception = generator->generate())) {
         m_codeBlockForConstruct.clear();

trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp

@@ -107 +107 @@
     }
 
-    ScopeChain scopeChain(globalObject, &globalData, globalObject, exec->globalThisValue());
-    return new (exec) JSFunction(exec, function, scopeChain.node());
+    ScopeChainNode* scopeChain = new (exec) ScopeChainNode(0, globalObject, &globalData, globalObject, exec->globalThisValue());
+    return new (exec) JSFunction(exec, function, scopeChain);
 }
 

trunk/Source/JavaScriptCore/runtime/GCActivityCallbackCF.cpp

@@ -34 +34 @@
 #include "JSGlobalData.h"
 #include "JSLock.h"
+#include "ScopeChain.h"
 #include <wtf/RetainPtr.h>
 #include <wtf/WTFThreadData.h>

trunk/Source/JavaScriptCore/runtime/Identifier.cpp

@@ -24 +24 @@
 #include "CallFrame.h"
 #include "NumericStrings.h"
+#include "ScopeChain.h"
 #include <new> // for placement new
 #include <string.h> // for strlen

trunk/Source/JavaScriptCore/runtime/JSCell.h

@@ -66 +66 @@
         friend class MarkedSpace;
         friend class MarkedBlock;
+        friend class ScopeChainNode;
 
     private:

trunk/Source/JavaScriptCore/runtime/JSFunction.cpp

@@ -60 +60 @@
     : Base(structure)
     , m_executable(adoptRef(new VPtrHackExecutable()))
-    , m_scopeChain(NoScopeChain())
 {
     ASSERT(inherits(&s_info));
@@ -68 +67 @@
     : Base(globalObject, structure)
     , m_executable(thunk)
-    , m_scopeChain(globalObject->globalScopeChain())
+    , m_scopeChain(exec->globalData(), this, globalObject->globalScopeChain())
 {
     ASSERT(inherits(&s_info));
@@ -78 +77 @@
     : Base(globalObject, structure)
     , m_executable(exec->globalData().getHostFunction(func))
-    , m_scopeChain(globalObject->globalScopeChain())
+    , m_scopeChain(exec->globalData(), this, globalObject->globalScopeChain())
 {
     ASSERT(inherits(&s_info));
@@ -86 +85 @@
 
 JSFunction::JSFunction(ExecState* exec, NonNullPassRefPtr<FunctionExecutable> executable, ScopeChainNode* scopeChainNode)
-    : Base(scopeChainNode->globalObject, scopeChainNode->globalObject->functionStructure())
+    : Base(scopeChainNode->globalObject.get(), scopeChainNode->globalObject->functionStructure())
     , m_executable(executable)
-    , m_scopeChain(scopeChainNode)
+    , m_scopeChain(exec->globalData(), this, scopeChainNode)
 {
     ASSERT(inherits(&s_info));
@@ -152 +151 @@
     if (!isHostFunction()) {
         jsExecutable()->markAggregate(markStack);
-        scope().markAggregate(markStack);
+        markStack.append(&m_scopeChain);
     }
 }
@@ -163 +162 @@
     }
     callData.js.functionExecutable = jsExecutable();
-    callData.js.scopeChain = scope().node();
+    callData.js.scopeChain = scope();
     return CallTypeJS;
 }
@@ -197 +196 @@
 
         if (!location) {
-            JSObject* prototype = constructEmptyObject(exec, scope().globalObject()->emptyObjectStructure());
+            JSObject* prototype = constructEmptyObject(exec, scope()->globalObject->emptyObjectStructure());
             prototype->putDirect(exec->globalData(), exec->propertyNames().constructor, this, DontEnum);
             putDirect(exec->globalData(), exec->propertyNames().prototype, prototype, DontDelete | DontEnum);
@@ -327 +326 @@
         return ConstructTypeNone;
     constructData.js.functionExecutable = jsExecutable();
-    constructData.js.scopeChain = scope().node();
+    constructData.js.scopeChain = scope();
     return ConstructTypeJS;
 }

trunk/Source/JavaScriptCore/runtime/JSFunction.h

@@ -54 +54 @@
         const UString calculatedDisplayName(ExecState*);
 
-        ScopeChain& scope()
+        ScopeChainNode* scope()
         {
             ASSERT(!isHostFunctionNonInline());
-            return m_scopeChain;
+            return m_scopeChain.get();
         }
-        void setScope(const ScopeChain& scopeChain)
+        void setScope(JSGlobalData& globalData, ScopeChainNode* scopeChain)
         {
             ASSERT(!isHostFunctionNonInline());
-            m_scopeChain = scopeChain;
+            m_scopeChain.set(globalData, this, scopeChain);
         }
 
@@ -104 +104 @@
 
         RefPtr<ExecutableBase> m_executable;
-        ScopeChain m_scopeChain;
+        WriteBarrier<ScopeChainNode> m_scopeChain;
     };
 

trunk/Source/JavaScriptCore/runtime/JSGlobalData.cpp

@@ -133 +133 @@
     , getterSetterStructure(GetterSetter::createStructure(jsNull()))
     , apiWrapperStructure(JSAPIValueWrapper::createStructure(jsNull()))
+    , scopeChainNodeStructure(ScopeChainNode::createStructure(jsNull()))
     , dummyMarkableCellStructure(JSCell::createDummyStructure())
     , identifierTable(globalDataType == Default ? wtfThreadData().currentIdentifierTable() : createIdentifierTable())

trunk/Source/JavaScriptCore/runtime/JSGlobalData.h

@@ -154 +154 @@
         RefPtr<Structure> getterSetterStructure;
         RefPtr<Structure> apiWrapperStructure;
+        RefPtr<Structure> scopeChainNodeStructure;
         RefPtr<Structure> dummyMarkableCellStructure;
 

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -113 +113 @@
 
     d()->globalData = Heap::heap(this)->globalData();
-    d()->globalScopeChain = ScopeChain(this, d()->globalData.get(), this, thisValue);
-
-    JSGlobalObject::globalExec()->init(0, 0, d()->globalScopeChain.node(), CallFrame::noCaller(), 0, 0);
+    d()->globalScopeChain.set(*d()->globalData, this, new (d()->globalData.get()) ScopeChainNode(0, this, d()->globalData.get(), this, thisValue));
+
+    JSGlobalObject::globalExec()->init(0, 0, d()->globalScopeChain.get(), CallFrame::noCaller(), 0, 0);
 
     d()->debugger = 0;
@@ -320 +320 @@
     JSVariableObject::markChildren(markStack);
     
+    markIfNeeded(markStack, &d()->globalScopeChain);
+
     markIfNeeded(markStack, &d()->regExpConstructor);
     markIfNeeded(markStack, &d()->errorConstructor);

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -70 +70 @@
                 , destructor(destructor)
                 , registerArraySize(0)
-                , globalScopeChain(NoScopeChain())
+                , globalScopeChain()
                 , weakRandom(static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
             {
@@ -84 +84 @@
             Debugger* debugger;
             
-            ScopeChain globalScopeChain;
+            WriteBarrier<ScopeChainNode> globalScopeChain;
             Register globalCallFrame[RegisterFile::CallFrameHeaderSize];
 
@@ -229 +229 @@
         virtual bool supportsRichSourceInfo() const { return true; }
 
-        ScopeChain& globalScopeChain() { return d()->globalScopeChain; }
+        ScopeChainNode* globalScopeChain() { return d()->globalScopeChain.get(); }
 
         virtual bool isGlobalObject() const { return true; }

trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp

@@ -451 +451 @@
 
     RefPtr<EvalExecutable> eval = EvalExecutable::create(exec, makeSource(s), false);
-    JSObject* error = eval->compile(exec, static_cast<JSGlobalObject*>(unwrappedObject)->globalScopeChain().node());
+    JSObject* error = eval->compile(exec, static_cast<JSGlobalObject*>(unwrappedObject)->globalScopeChain());
     if (error)
         return throwVMError(exec, error);
 
-    return JSValue::encode(exec->interpreter()->execute(eval.get(), exec, thisObject, static_cast<JSGlobalObject*>(unwrappedObject)->globalScopeChain().node()));
+    return JSValue::encode(exec->interpreter()->execute(eval.get(), exec, thisObject, static_cast<JSGlobalObject*>(unwrappedObject)->globalScopeChain()));
 }
 

trunk/Source/JavaScriptCore/runtime/JSLock.cpp

@@ -24 +24 @@
 #include "Heap.h"
 #include "CallFrame.h"
+#include "ScopeChain.h"
 
 #if USE(PTHREADS)

trunk/Source/JavaScriptCore/runtime/JSNumberCell.cpp

@@ -23 +23 @@
 #include "config.h"
 #include "JSNumberCell.h"
+#include "ScopeChain.h"
 
 // Keep our exported symbols lists happy.

trunk/Source/JavaScriptCore/runtime/JSZombie.cpp

@@ -27 +27 @@
 #include "JSZombie.h"
 #include "ClassInfo.h"
+#include "ScopeChain.h"
 
 #if ENABLE(JSC_ZOMBIES)

trunk/Source/JavaScriptCore/runtime/MarkedBlock.cpp

@@ -28 +28 @@
 
 #include "JSCell.h"
+#include "ScopeChain.h"
 
 namespace JSC {

trunk/Source/JavaScriptCore/runtime/MarkedSpace.cpp

@@ -25 +25 @@
 #include "JSGlobalData.h"
 #include "JSLock.h"
+#include "ScopeChain.h"
 
 namespace JSC {

trunk/Source/JavaScriptCore/runtime/PropertyNameArray.cpp

@@ -22 +22 @@
 #include "PropertyNameArray.h"
 
+#include "ScopeChain.h"
 #include "Structure.h"
 #include "StructureChain.h"

trunk/Source/JavaScriptCore/runtime/ScopeChain.cpp

@@ -32 +32 @@
 #ifndef NDEBUG
 
-void ScopeChainNode::print() const
+void ScopeChainNode::print()
 {
     ScopeChainIterator scopeEnd = end();
     for (ScopeChainIterator scopeIter = begin(); scopeIter != scopeEnd; ++scopeIter) {
-        DeprecatedPtr<JSObject> o = *scopeIter;
+        JSObject* o = scopeIter->get();
         PropertyNameArray propertyNames(globalObject->globalExec());
         o->getPropertyNames(globalObject->globalExec(), propertyNames);
         PropertyNameArray::const_iterator propEnd = propertyNames.end();
 
-        fprintf(stderr, "----- [scope %p] -----\n", o.get());
+        fprintf(stderr, "----- [scope %p] -----\n", o);
         for (PropertyNameArray::const_iterator propIter = propertyNames.begin(); propIter != propEnd; propIter++) {
             Identifier name = *propIter;
@@ -52 +52 @@
 #endif
 
-int ScopeChain::localDepth() const
+int ScopeChainNode::localDepth()
 {
     int scopeDepth = 0;
@@ -66 +66 @@
 }
 
+void ScopeChainNode::markChildren(MarkStack& markStack)
+{
+    if (next)
+        markStack.append(&next);
+    markStack.append(&object);
+    markStack.append(&globalObject);
+    markStack.append(&globalThis);
+}
+
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/ScopeChain.h

@@ -22 +22 @@
 #define ScopeChain_h
 
-#include "WriteBarrier.h"
+#include "JSCell.h"
 #include <wtf/FastAllocBase.h>
 
@@ -33 +33 @@
     class ScopeChainIterator;
     
-    class ScopeChainNode {
-        WTF_MAKE_FAST_ALLOCATED;
+    class ScopeChainNode : public JSCell {
     public:
         ScopeChainNode(ScopeChainNode* next, JSObject* object, JSGlobalData* globalData, JSGlobalObject* globalObject, JSObject* globalThis)
-            : next(next)
-            , object(object)
+            : JSCell(globalData->scopeChainNodeStructure.get())
             , globalData(globalData)
-            , globalObject(globalObject)
-            , globalThis(globalThis)
-            , refCount(1)
+            , next(*globalData, this, next)
+            , object(*globalData, this, object)
+            , globalObject(*globalData, this, globalObject)
+            , globalThis(*globalData, this, globalThis)
         {
             ASSERT(globalData);
             ASSERT(globalObject);
         }
-#ifndef NDEBUG
-        // Due to the number of subtle and timing dependent bugs that have occurred due
-        // to deleted but still "valid" ScopeChainNodes we now deliberately clobber the
-        // contents in debug builds.
-        ~ScopeChainNode()
-        {
-            next = 0;
-            globalData = 0;
-            globalObject = 0;
-            globalThis = 0;
-        }
-#endif
 
-        ScopeChainNode* next;
-        DeprecatedPtr<JSObject> object;
         JSGlobalData* globalData;
-        JSGlobalObject* globalObject;
-        JSObject* globalThis;
-        int refCount;
-
-        void deref() { ASSERT(refCount); if (--refCount == 0) { release();} }
-        void ref() { ASSERT(refCount); ++refCount; }
-        void release();
-
-        // Before calling "push" on a bare ScopeChainNode, a client should
-        // logically "copy" the node. Later, the client can "deref" the head
-        // of its chain of ScopeChainNodes to reclaim all the nodes it added
-        // after the logical copy, leaving nodes added before the logical copy
-        // (nodes shared with other clients) untouched.
-        ScopeChainNode* copy()
-        {
-            ref();
-            return this;
-        }
+        WriteBarrier<ScopeChainNode> next;
+        WriteBarrier<JSObject> object;
+        WriteBarrier<JSGlobalObject> globalObject;
+        WriteBarrier<JSObject> globalThis;
 
         ScopeChainNode* push(JSObject*);
         ScopeChainNode* pop();
 
-        ScopeChainIterator begin() const;
-        ScopeChainIterator end() const;
+        ScopeChainIterator begin();
+        ScopeChainIterator end();
+
+        int localDepth();
 
 #ifndef NDEBUG        
-        void print() const;
+        void print();
 #endif
+        
+        static PassRefPtr<Structure> createStructure(JSValue proto) { return Structure::create(proto, TypeInfo(CompoundType, StructureFlags), AnonymousSlotCount, 0); }
+        virtual void markChildren(MarkStack&);
+    private:
+        static const unsigned StructureFlags = OverridesMarkChildren;
     };
 
@@ -96 +74 @@
     {
         ASSERT(o);
-        return new ScopeChainNode(this, o, globalData, globalObject, globalThis);
+        return new (globalData) ScopeChainNode(this, o, globalData, globalObject.get(), globalThis.get());
     }
 
@@ -102 +80 @@
     {
         ASSERT(next);
-        ScopeChainNode* result = next;
-
-        if (--refCount != 0)
-            ++result->refCount;
-        else
-            delete this;
-
-        return result;
-    }
-
-    inline void ScopeChainNode::release()
-    {
-        // This function is only called by deref(),
-        // Deref ensures these conditions are true.
-        ASSERT(refCount == 0);
-        ScopeChainNode* n = this;
-        do {
-            ScopeChainNode* next = n->next;
-            delete n;
-            n = next;
-        } while (n && --n->refCount == 0);
+        return next.get();
     }
 
     class ScopeChainIterator {
     public:
-        ScopeChainIterator(const ScopeChainNode* node)
+        ScopeChainIterator(ScopeChainNode* node)
             : m_node(node)
         {
         }
 
-        DeprecatedPtr<JSObject> const & operator*() const { return m_node->object; }
-        DeprecatedPtr<JSObject> const * operator->() const { return &(operator*()); }
+        WriteBarrier<JSObject> const & operator*() const { return m_node->object; }
+        WriteBarrier<JSObject> const * operator->() const { return &(operator*()); }
     
-        ScopeChainIterator& operator++() { m_node = m_node->next; return *this; }
+        ScopeChainIterator& operator++() { m_node = m_node->next.get(); return *this; }
 
         // postfix ++ intentionally omitted
@@ -143 +101 @@
 
     private:
-        const ScopeChainNode* m_node;
+        DeprecatedPtr<ScopeChainNode> m_node;
     };
 
-    inline ScopeChainIterator ScopeChainNode::begin() const
+    inline ScopeChainIterator ScopeChainNode::begin()
     {
         return ScopeChainIterator(this); 
     }
 
-    inline ScopeChainIterator ScopeChainNode::end() const
+    inline ScopeChainIterator ScopeChainNode::end()
     { 
         return ScopeChainIterator(0); 
     }
 
-    class NoScopeChain {};
-
-    class ScopeChain {
-        friend class JIT;
-    public:
-        ScopeChain(NoScopeChain)
-            : m_node(0)
-        {
-        }
-
-        ScopeChain(JSObject* o, JSGlobalData* globalData, JSGlobalObject* globalObject, JSObject* globalThis)
-            : m_node(new ScopeChainNode(0, o, globalData, globalObject, globalThis))
-        {
-        }
-
-        ScopeChain(const ScopeChain& c)
-            : m_node(c.m_node->copy())
-        {
-        }
-
-        ScopeChain& operator=(const ScopeChain& c);
-
-        explicit ScopeChain(ScopeChainNode* node)
-            : m_node(node->copy())
-        {
-        }
-
-        ~ScopeChain()
-        {
-            if (m_node)
-                m_node->deref();
-#ifndef NDEBUG
-            m_node = 0;
-#endif
-        }
-
-        void swap(ScopeChain&);
-
-        ScopeChainNode* node() const { return m_node; }
-
-        JSObject* top() const { return m_node->object.get(); }
-
-        ScopeChainIterator begin() const { return m_node->begin(); }
-        ScopeChainIterator end() const { return m_node->end(); }
-
-        void push(JSObject* o) { m_node = m_node->push(o); }
-
-        void pop() { m_node = m_node->pop(); }
-        void clear() { m_node->deref(); m_node = 0; }
-        
-        JSGlobalObject* globalObject() const { return m_node->globalObject; }
-
-        void markAggregate(MarkStack&) const;
-
-        // Caution: this should only be used if the codeblock this is being used
-        // with needs a full scope chain, otherwise this returns the depth of
-        // the preceeding call frame
-        //
-        // Returns the depth of the current call frame's scope chain
-        int localDepth() const;
-
-#ifndef NDEBUG        
-        void print() const { m_node->print(); }
-#endif
-
-    private:
-        ScopeChainNode* m_node;
-    };
-
-    inline void ScopeChain::swap(ScopeChain& o)
+    ALWAYS_INLINE JSGlobalData& ExecState::globalData() const
     {
-        ScopeChainNode* tmp = m_node;
-        m_node = o.m_node;
-        o.m_node = tmp;
+        ASSERT(scopeChain()->globalData);
+        return *scopeChain()->globalData;
     }
 
-    inline ScopeChain& ScopeChain::operator=(const ScopeChain& c)
+    ALWAYS_INLINE JSGlobalObject* ExecState::lexicalGlobalObject() const
     {
-        ScopeChain tmp(c);
-        swap(tmp);
-        return *this;
+        return scopeChain()->globalObject.get();
+    }
+    
+    ALWAYS_INLINE JSObject* ExecState::globalThisValue() const
+    {
+        return scopeChain()->globalThis.get();
     }
 

trunk/Source/JavaScriptCore/runtime/ScopeChainMark.h

@@ -26 +26 @@
 namespace JSC {
 
-    inline void ScopeChain::markAggregate(MarkStack& markStack) const
-    {
-        for (ScopeChainNode* n = m_node; n; n = n->next)
-            markStack.append(&n->object);
-    }
-
 } // namespace JSC
 

trunk/Source/JavaScriptCore/wtf/DateMath.cpp

@@ -77 +77 @@
 #include "CurrentTime.h"
 #include "MathExtras.h"
+#if USE(JSC)
+#include "ScopeChain.h"
+#endif
 #include "StdLibExtras.h"
 #include "StringExtras.h"

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-02-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Make ScopeChainNode GC allocated
+        https://bugs.webkit.org/show_bug.cgi?id=55283
+
+        Update WebCore to deal with the absence of the ScopeChain
+        class.
+
+        * ForwardingHeaders/runtime/ScopeChain.h: Added.
+        * bindings/js/JSHTMLElementCustom.cpp:
+        (WebCore::JSHTMLElement::pushEventHandlerScope):
+        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
+        (WebCore::JSJavaScriptCallFrame::scopeChain):
+        (WebCore::JSJavaScriptCallFrame::scopeType):
+        * bindings/js/JSLazyEventListener.cpp:
+        (WebCore::JSLazyEventListener::initializeJSFunction):
+        * bindings/js/JSMainThreadExecState.h:
+        (WebCore::JSMainThreadExecState::evaluate):
+        * bindings/js/JSNodeCustom.cpp:
+        (WebCore::JSNode::pushEventHandlerScope):
+        * bindings/js/JavaScriptCallFrame.cpp:
+        (WebCore::JavaScriptCallFrame::scopeChain):
+        * bindings/js/JavaScriptCallFrame.h:
+        * bindings/scripts/CodeGeneratorJS.pm:
+        * bridge/c/c_class.cpp:
+        * bridge/c/c_runtime.cpp:
+        * bridge/jni/JNIBridge.cpp:
+        * bridge/qt/qt_runtime.cpp:
+        (JSC::Bindings::QtConnectionObject::execute):
+        * plugins/PluginViewNone.cpp:
+
 2011-02-28  Chang Shu  <cshu@webkit.org>
 

trunk/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp

@@ -34 +34 @@
 using namespace JSC;
 
-void JSHTMLElement::pushEventHandlerScope(ExecState* exec, ScopeChain& scope) const
+ScopeChainNode* JSHTMLElement::pushEventHandlerScope(ExecState* exec, ScopeChainNode* scope) const
 {
     HTMLElement* element = impl();
 
     // The document is put on first, fall back to searching it only after the element and form.
-    scope.push(asObject(toJS(exec, globalObject(), element->ownerDocument())));
+    scope = scope->push(asObject(toJS(exec, globalObject(), element->ownerDocument())));
 
     // The form is next, searched before the document, but after the element itself.
     if (HTMLFormElement* form = element->form())
-        scope.push(asObject(toJS(exec, globalObject(), form)));
+        scope = scope->push(asObject(toJS(exec, globalObject(), form)));
 
     // The element is on top, searched first.
-    scope.push(asObject(toJS(exec, globalObject(), element)));
+    return scope->push(asObject(toJS(exec, globalObject(), element)));
 }
 

trunk/Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp

@@ -71 +71 @@
         return jsNull();
 
-    const ScopeChainNode* scopeChain = impl()->scopeChain();
+    ScopeChainNode* scopeChain = impl()->scopeChain();
     ScopeChainIterator iter = scopeChain->begin();
     ScopeChainIterator end = scopeChain->end();
@@ -96 +96 @@
     int index = exec->argument(0).asInt32();
 
-    const ScopeChainNode* scopeChain = impl()->scopeChain();
+    ScopeChainNode* scopeChain = impl()->scopeChain();
     ScopeChainIterator end = scopeChain->end();
 
     bool foundLocalScope = false;
     for (ScopeChainIterator iter = scopeChain->begin(); iter != end; ++iter) {
-        JSC::DeprecatedPtr<JSObject> scope = *iter;
+        JSObject* scope = iter->get();
         if (scope->isActivationObject()) {
             if (!foundLocalScope) {

trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp

@@ -121 +121 @@
         // Add the event's home element to the scope
         // (and the document, and the form - see JSHTMLElement::eventHandlerScope)
-        ScopeChain scope = listenerAsFunction->scope();
-        static_cast<JSNode*>(wrapper())->pushEventHandlerScope(exec, scope);
-        listenerAsFunction->setScope(scope);
+        listenerAsFunction->setScope(exec->globalData(), static_cast<JSNode*>(wrapper())->pushEventHandlerScope(exec, listenerAsFunction->scope()));
     }
 

trunk/Source/WebCore/bindings/js/JSMainThreadExecState.h

@@ -49 +49 @@
     };
 
-    static JSC::Completion evaluate(JSC::ExecState* exec, JSC::ScopeChain& chain, const JSC::SourceCode& source, JSC::JSValue thisValue)
+    static JSC::Completion evaluate(JSC::ExecState* exec, JSC::ScopeChainNode* chain, const JSC::SourceCode& source, JSC::JSValue thisValue)
     {
         JSMainThreadExecState currentState(exec);

trunk/Source/WebCore/bindings/js/JSNodeCustom.cpp

@@ -113 +113 @@
 }
 
-void JSNode::pushEventHandlerScope(ExecState*, ScopeChain&) const
-{
+ScopeChainNode* JSNode::pushEventHandlerScope(ExecState*, ScopeChainNode* node) const
+{
+    return node;
 }
 

trunk/Source/WebCore/bindings/js/JavaScriptCallFrame.cpp

@@ -57 +57 @@
 }
 
-const JSC::ScopeChainNode* JavaScriptCallFrame::scopeChain() const
+JSC::ScopeChainNode* JavaScriptCallFrame::scopeChain() const
 {
     ASSERT(m_isValid);

trunk/Source/WebCore/bindings/js/JavaScriptCallFrame.h

@@ -70 +70 @@
     String functionName() const;
     JSC::DebuggerCallFrame::Type type() const;
-    const JSC::ScopeChainNode* scopeChain() const;
+    JSC::ScopeChainNode* scopeChain() const;
     JSC::JSGlobalObject* dynamicGlobalObject() const;
 

trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm

@@ -759 +759 @@
 
     # Custom pushEventHandlerScope function
-    push(@headerContent, "    virtual void pushEventHandlerScope(JSC::ExecState*, JSC::ScopeChain&) const;\n\n") if $dataNode->extendedAttributes->{"CustomPushEventHandlerScope"};
+    push(@headerContent, "    virtual JSC::ScopeChainNode* pushEventHandlerScope(JSC::ExecState*, JSC::ScopeChainNode*) const;\n\n") if $dataNode->extendedAttributes->{"CustomPushEventHandlerScope"};
 
     # Custom call functions

trunk/Source/WebCore/bridge/c/c_class.cpp

@@ -33 +33 @@
 #include "c_runtime.h"
 #include "npruntime_impl.h"
+#include <runtime/ScopeChain.h>
 #include <runtime/Identifier.h>
 #include <runtime/JSLock.h>

trunk/Source/WebCore/bridge/c/c_runtime.cpp

@@ -33 +33 @@
 #include "c_utility.h"
 #include "npruntime_impl.h"
+#include <runtime/ScopeChain.h>
 #include <runtime/JSLock.h>
 

trunk/Source/WebCore/bridge/jni/JNIBridge.cpp

@@ -30 +30 @@
 #if ENABLE(JAVA_BRIDGE)
 
+#include <runtime/ScopeChain.h>
 #include <wtf/text/CString.h>
 #include <wtf/text/StringBuilder.h>

trunk/Source/WebCore/bridge/qt/qt_runtime.cpp

@@ -1827 +1827 @@
                     }
                     // Stuff in the __qt_sender property, if we can
-                    ScopeChain oldsc = ScopeChain(NoScopeChain());
+                    ScopeChainNode* oldsc = 0;
                     JSFunction* fimp = 0;
                     if (m_funcObject->inherits(&JSFunction::s_info)) {
@@ -1837 +1837 @@
                         wrapper->put(exec, Identifier(exec, "__qt_sender__"), qt_sender, slot);
                         oldsc = fimp->scope();
-                        ScopeChain sc = oldsc;
-                        sc.push(wrapper);
-                        fimp->setScope(sc);
+                        fimp->setScope(oldsc->push(wrapper));
                     }
 

trunk/Source/WebCore/plugins/PluginViewNone.cpp

@@ -29 +29 @@
 #if USE(JSC)
 #include "Bridge.h"
+#include <runtime/ScopeChain.h>
 #endif
 

trunk/Source/WebKit/mac/ChangeLog

@@ +1 @@
+2011-02-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Make ScopeChainNode GC allocated
+        https://bugs.webkit.org/show_bug.cgi?id=55283
+
+        More updates for the absence of the ScopeChain class
+
+        * WebView/WebScriptDebugDelegate.mm:
+        (-[WebScriptCallFrame scopeChain]):
+
 2011-02-26  Vsevolod Vlasov  <vsevik@chromium.org>
 

trunk/Source/WebKit/mac/WebView/WebScriptDebugDelegate.mm

@@ -177 +177 @@
     JSLock lock(SilenceAssertionsOnly);
 
-    const ScopeChainNode* scopeChain = _private->debuggerCallFrame->scopeChain();
+    ScopeChainNode* scopeChain = _private->debuggerCallFrame->scopeChain();
     if (!scopeChain->next)  // global frame
         return [NSArray arrayWithObject:_private->globalObject];