Imported WebKit commit 0dc6cd75e1d4836eaffbb520be96fac4847cc9d2 (http://svn.webkit.org/repository/webkit/trunk@131300)

WebKit update which introduces the QtWebKitWidgets module that contains the WK1
widgets based API. (In fact it renames QtWebKit to QtWebKitWidgets while we're
working on completing the entire split as part of
https://bugs.webkit.org/show_bug.cgi?id=99314

12 files changed, 357 insertions, 64 deletions

diff --git a/Source/JavaScriptCore/bytecode/ByValInfo.h b/Source/JavaScriptCore/bytecode/ByValInfo.h
new file mode 100644
index 000000000..8cba4463d
--- /dev/null
+++ b/Source/JavaScriptCore/bytecode/ByValInfo.h
@@ -0,0 +1,158 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef ByValInfo_h
+#define ByValInfo_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(JIT)
+
+#include "ClassInfo.h"
+#include "CodeLocation.h"
+#include "IndexingType.h"
+#include "JITStubRoutine.h"
+#include "Structure.h"
+
+namespace JSC {
+
+enum JITArrayMode {
+    JITContiguous,
+    JITArrayStorage,
+    JITInt8Array,
+    JITInt16Array,
+    JITInt32Array,
+    JITUint8Array,
+    JITUint8ClampedArray,
+    JITUint16Array,
+    JITUint32Array,
+    JITFloat32Array,
+    JITFloat64Array
+};
+
+inline bool isOptimizableIndexingType(IndexingType indexingType)
+{
+    switch (indexingType) {
+    case ALL_CONTIGUOUS_INDEXING_TYPES:
+    case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES:
+        return true;
+    default:
+        return false;
+    }
+}
+
+inline bool hasOptimizableIndexingForClassInfo(const ClassInfo* classInfo)
+{
+    return classInfo->typedArrayStorageType != TypedArrayNone;
+}
+
+inline bool hasOptimizableIndexing(Structure* structure)
+{
+    return isOptimizableIndexingType(structure->indexingType())
+        || hasOptimizableIndexingForClassInfo(structure->classInfo());
+}
+
+inline JITArrayMode jitArrayModeForIndexingType(IndexingType indexingType)
+{
+    switch (indexingType) {
+    case ALL_CONTIGUOUS_INDEXING_TYPES:
+        return JITContiguous;
+    case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES:
+        return JITArrayStorage;
+    default:
+        CRASH();
+        return JITContiguous;
+    }
+}
+
+inline JITArrayMode jitArrayModeForClassInfo(const ClassInfo* classInfo)
+{
+    switch (classInfo->typedArrayStorageType) {
+    case TypedArrayInt8:
+        return JITInt8Array;
+    case TypedArrayInt16:
+        return JITInt16Array;
+    case TypedArrayInt32:
+        return JITInt32Array;
+    case TypedArrayUint8:
+        return JITUint8Array;
+    case TypedArrayUint8Clamped:
+        return JITUint8ClampedArray;
+    case TypedArrayUint16:
+        return JITUint16Array;
+    case TypedArrayUint32:
+        return JITUint32Array;
+    case TypedArrayFloat32:
+        return JITFloat32Array;
+    case TypedArrayFloat64:
+        return JITFloat64Array;
+    default:
+        CRASH();
+        return JITContiguous;
+    }
+}
+
+inline JITArrayMode jitArrayModeForStructure(Structure* structure)
+{
+    if (isOptimizableIndexingType(structure->indexingType()))
+        return jitArrayModeForIndexingType(structure->indexingType());
+    
+    ASSERT(hasOptimizableIndexingForClassInfo(structure->classInfo()));
+    return jitArrayModeForClassInfo(structure->classInfo());
+}
+
+struct ByValInfo {
+    ByValInfo() { }
+    
+    ByValInfo(unsigned bytecodeIndex, CodeLocationJump badTypeJump, JITArrayMode arrayMode, int16_t badTypeJumpToDone, int16_t returnAddressToSlowPath)
+        : bytecodeIndex(bytecodeIndex)
+        , badTypeJump(badTypeJump)
+        , arrayMode(arrayMode)
+        , badTypeJumpToDone(badTypeJumpToDone)
+        , returnAddressToSlowPath(returnAddressToSlowPath)
+        , slowPathCount(0)
+    {
+    }
+    
+    unsigned bytecodeIndex;
+    CodeLocationJump badTypeJump;
+    JITArrayMode arrayMode; // The array mode that was baked into the inline JIT code.
+    int16_t badTypeJumpToDone;
+    int16_t returnAddressToSlowPath;
+    unsigned slowPathCount;
+    RefPtr<JITStubRoutine> stubRoutine;
+};
+
+inline unsigned getByValInfoBytecodeIndex(ByValInfo* info)
+{
+    return info->bytecodeIndex;
+}
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
+
+#endif // ByValInfo_h
+
diff --git a/Source/JavaScriptCore/bytecode/BytecodeConventions.h b/Source/JavaScriptCore/bytecode/BytecodeConventions.h
index f33b060f8..e375f263c 100644
--- a/Source/JavaScriptCore/bytecode/BytecodeConventions.h
+++ b/Source/JavaScriptCore/bytecode/BytecodeConventions.h
@@ -27,7 +27,7 @@
 #define BytecodeConventions_h
 
 // Register numbers used in bytecode operations have different meaning according to their ranges:
-//      0x80000000-0xFFFFFFFF  Negative indices from the CallFrame pointer are entries in the call frame, see RegisterFile.h.
+//      0x80000000-0xFFFFFFFF  Negative indices from the CallFrame pointer are entries in the call frame, see JSStack.h.
 //      0x00000000-0x3FFFFFFF  Forwards indices from the CallFrame pointer are local vars and temporaries with the function's callframe.
 //      0x40000000-0x7FFFFFFF  Positive indices from 0x40000000 specify entries in the constant pool on the CodeBlock.
 static const int FirstConstantRegisterIndex = 0x40000000;
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
index bd8bfec0d..9b8260a79 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -641,7 +641,7 @@ void CodeBlock::dump(ExecState* exec)
             dataLog("  %1d = {\n", i);
             StringJumpTable::StringOffsetTable::const_iterator end = m_rareData->m_stringSwitchJumpTables[i].offsetTable.end();
             for (StringJumpTable::StringOffsetTable::const_iterator iter = m_rareData->m_stringSwitchJumpTables[i].offsetTable.begin(); iter != end; ++iter)
-                dataLog("\t\t\"%s\" => %04d\n", String(iter->first).utf8().data(), iter->second.branchOffset);
+                dataLog("\t\t\"%s\" => %04d\n", String(iter->key).utf8().data(), iter->value.branchOffset);
             dataLog("      }\n");
             ++i;
         } while (i < m_rareData->m_stringSwitchJumpTables.size());
@@ -1899,7 +1899,7 @@ void EvalCodeCache::visitAggregate(SlotVisitor& visitor)
 {
     EvalCacheMap::iterator end = m_cacheMap.end();
     for (EvalCacheMap::iterator ptr = m_cacheMap.begin(); ptr != end; ++ptr)
-        visitor.append(&ptr->second);
+        visitor.append(&ptr->value);
 }
 
 void CodeBlock::visitAggregate(SlotVisitor& visitor)
@@ -3002,8 +3002,8 @@ String CodeBlock::nameForRegister(int registerNumber)
 {
     SymbolTable::iterator end = m_symbolTable->end();
     for (SymbolTable::iterator ptr = m_symbolTable->begin(); ptr != end; ++ptr) {
-        if (ptr->second.getIndex() == registerNumber)
-            return String(ptr->first);
+        if (ptr->value.getIndex() == registerNumber)
+            return String(ptr->key);
     }
     if (needsActivation() && registerNumber == activationRegister())
         return ASCIILiteral("activation");
@@ -3017,7 +3017,7 @@ String CodeBlock::nameForRegister(int registerNumber)
     }
     if (registerNumber < 0) {
         int argumentPosition = -registerNumber;
-        argumentPosition -= RegisterFile::CallFrameHeaderSize + 1;
+        argumentPosition -= JSStack::CallFrameHeaderSize + 1;
         return String::format("arguments[%3d]", argumentPosition - 1).impl();
     }
     return "";
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.h b/Source/JavaScriptCore/bytecode/CodeBlock.h
index 22c48311c..01a8ef4a1 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.h
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.h
@@ -31,6 +31,7 @@
 #define CodeBlock_h
 
 #include "ArrayProfile.h"
+#include "ByValInfo.h"
 #include "BytecodeConventions.h"
 #include "CallLinkInfo.h"
 #include "CallReturnOffsetToBytecodeOffset.h"
@@ -159,7 +160,7 @@ namespace JSC {
             return result;
         }
 #endif
-        
+
         void visitAggregate(SlotVisitor&);
 
         static void dumpStatistics();
@@ -209,6 +210,11 @@ namespace JSC {
         }
         
         void resetStub(StructureStubInfo&);
+        
+        ByValInfo& getByValInfo(unsigned bytecodeIndex)
+        {
+            return *(binarySearch<ByValInfo, unsigned, getByValInfoBytecodeIndex>(m_byValInfos.begin(), m_byValInfos.size(), bytecodeIndex));
+        }
 
         CallLinkInfo& getCallLinkInfo(ReturnAddressPtr returnAddress)
         {
@@ -610,6 +616,10 @@ namespace JSC {
         void setNumberOfStructureStubInfos(size_t size) { m_structureStubInfos.grow(size); }
         size_t numberOfStructureStubInfos() const { return m_structureStubInfos.size(); }
         StructureStubInfo& structureStubInfo(int index) { return m_structureStubInfos[index]; }
+        
+        void setNumberOfByValInfos(size_t size) { m_byValInfos.grow(size); }
+        size_t numberOfByValInfos() const { return m_byValInfos.size(); }
+        ByValInfo& byValInfo(size_t index) { return m_byValInfos[index]; }
 
         void addGlobalResolveInfo(unsigned globalResolveInstruction)
         {
@@ -915,18 +925,32 @@ namespace JSC {
         }
         RegExp* regexp(int index) const { ASSERT(m_rareData); return m_rareData->m_regexps[index].get(); }
 
-        unsigned addConstantBuffer(unsigned length)
+        unsigned numberOfConstantBuffers() const
+        {
+            if (!m_rareData)
+                return 0;
+            return m_rareData->m_constantBuffers.size();
+        }
+        unsigned addConstantBuffer(const Vector<JSValue>& buffer)
         {
             createRareDataIfNecessary();
             unsigned size = m_rareData->m_constantBuffers.size();
-            m_rareData->m_constantBuffers.append(Vector<JSValue>(length));
+            m_rareData->m_constantBuffers.append(buffer);
             return size;
         }
+        unsigned addConstantBuffer(unsigned length)
+        {
+            return addConstantBuffer(Vector<JSValue>(length));
+        }
 
-        JSValue* constantBuffer(unsigned index)
+        Vector<JSValue>& constantBufferAsVector(unsigned index)
         {
             ASSERT(m_rareData);
-            return m_rareData->m_constantBuffers[index].data();
+            return m_rareData->m_constantBuffers[index];
+        }
+        JSValue* constantBuffer(unsigned index)
+        {
+            return constantBufferAsVector(index).data();
         }
 
         JSGlobalObject* globalObject() { return m_globalObject.get(); }
@@ -1289,6 +1313,7 @@ namespace JSC {
 #endif
 #if ENABLE(JIT)
         Vector<StructureStubInfo> m_structureStubInfos;
+        Vector<ByValInfo> m_byValInfos;
         Vector<GlobalResolveInfo> m_globalResolveInfos;
         Vector<CallLinkInfo> m_callLinkInfos;
         Vector<MethodCallLinkInfo> m_methodCallLinkInfos;
diff --git a/Source/JavaScriptCore/bytecode/Instruction.h b/Source/JavaScriptCore/bytecode/Instruction.h
index b276fd957..9fcf509f6 100644
--- a/Source/JavaScriptCore/bytecode/Instruction.h
+++ b/Source/JavaScriptCore/bytecode/Instruction.h
@@ -33,6 +33,7 @@
 #include "MacroAssembler.h"
 #include "Opcode.h"
 #include "PropertySlot.h"
+#include "SpecialPointer.h"
 #include "Structure.h"
 #include "StructureChain.h"
 #include <wtf/VectorTraits.h>
@@ -195,6 +196,8 @@ namespace JSC {
         
         Instruction(WriteBarrier<Unknown>* registerPointer) { u.registerPointer = registerPointer; }
         
+        Instruction(Special::Pointer pointer) { u.specialPointer = pointer; }
+        
         Instruction(bool* predicatePointer) { u.predicatePointer = predicatePointer; }
 
         union {
@@ -204,6 +207,7 @@ namespace JSC {
             WriteBarrierBase<StructureChain> structureChain;
             WriteBarrierBase<JSCell> jsCell;
             WriteBarrier<Unknown>* registerPointer;
+            Special::Pointer specialPointer;
             PropertySlot::GetValueFunc getterFunc;
             LLIntCallLinkInfo* callLinkInfo;
             ValueProfile* profile;
diff --git a/Source/JavaScriptCore/bytecode/JumpTable.h b/Source/JavaScriptCore/bytecode/JumpTable.h
index a01f90cb0..f54a3718f 100644
--- a/Source/JavaScriptCore/bytecode/JumpTable.h
+++ b/Source/JavaScriptCore/bytecode/JumpTable.h
@@ -57,7 +57,7 @@ namespace JSC {
             StringOffsetTable::const_iterator loc = offsetTable.find(value);
             if (loc == end)
                 return defaultOffset;
-            return loc->second.branchOffset;
+            return loc->value.branchOffset;
         }
 
 #if ENABLE(JIT)
@@ -67,7 +67,7 @@ namespace JSC {
             StringOffsetTable::const_iterator loc = offsetTable.find(value);
             if (loc == end)
                 return ctiDefault;
-            return loc->second.ctiOffset;
+            return loc->value.ctiOffset;
         }
 #endif
     };
diff --git a/Source/JavaScriptCore/bytecode/LazyOperandValueProfile.cpp b/Source/JavaScriptCore/bytecode/LazyOperandValueProfile.cpp
index 59f0d0234..f923e4a28 100644
--- a/Source/JavaScriptCore/bytecode/LazyOperandValueProfile.cpp
+++ b/Source/JavaScriptCore/bytecode/LazyOperandValueProfile.cpp
@@ -81,7 +81,7 @@ LazyOperandValueProfile* LazyOperandValueProfileParser::getIfPresent(
     if (iter == m_map.end())
         return 0;
     
-    return iter->second;
+    return iter->value;
 }
 
 SpeculatedType LazyOperandValueProfileParser::prediction(
diff --git a/Source/JavaScriptCore/bytecode/SamplingTool.cpp b/Source/JavaScriptCore/bytecode/SamplingTool.cpp
index f07dc79fb..f9b8245e5 100644
--- a/Source/JavaScriptCore/bytecode/SamplingTool.cpp
+++ b/Source/JavaScriptCore/bytecode/SamplingTool.cpp
@@ -410,7 +410,7 @@ void SamplingTool::dump(ExecState* exec)
     Vector<ScriptSampleRecord*> codeBlockSamples(scopeCount);
     ScriptSampleRecordMap::iterator iter = m_scopeSampleMap->begin();
     for (int i = 0; i < scopeCount; ++i, ++iter)
-        codeBlockSamples[i] = iter->second.get();
+        codeBlockSamples[i] = iter->value.get();
 
     qsort(codeBlockSamples.begin(), scopeCount, sizeof(ScriptSampleRecord*), compareScriptSampleRecords);
 
@@ -446,8 +446,8 @@ void SamplingTool::dump(ExecState* exec)
                 Vector<LineCountInfo> lineCountInfo(linesCount);
                 int lineno = 0;
                 for (HashMap<unsigned,unsigned>::iterator iter = lineCounts.begin(); iter != lineCounts.end(); ++iter, ++lineno) {
-                    lineCountInfo[lineno].line = iter->first;
-                    lineCountInfo[lineno].count = iter->second;
+                    lineCountInfo[lineno].line = iter->key;
+                    lineCountInfo[lineno].count = iter->value;
                 }
 
                 qsort(lineCountInfo.begin(), linesCount, sizeof(LineCountInfo), compareLineCountInfoSampling);
diff --git a/Source/JavaScriptCore/bytecode/SamplingTool.h b/Source/JavaScriptCore/bytecode/SamplingTool.h
index 52a6e35ad..8f90c3e17 100644
--- a/Source/JavaScriptCore/bytecode/SamplingTool.h
+++ b/Source/JavaScriptCore/bytecode/SamplingTool.h
@@ -37,6 +37,7 @@
 #include <wtf/Atomics.h>
 #include <wtf/HashMap.h>
 #include <wtf/MainThread.h>
+#include <wtf/Spectrum.h>
 #include <wtf/Threading.h>
 
 namespace JSC {
diff --git a/Source/JavaScriptCore/bytecode/SpecialPointer.cpp b/Source/JavaScriptCore/bytecode/SpecialPointer.cpp
new file mode 100644
index 000000000..7789653f0
--- /dev/null
+++ b/Source/JavaScriptCore/bytecode/SpecialPointer.cpp
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "SpecialPointer.h"
+
+#include "CodeBlock.h"
+#include "JSGlobalObject.h"
+
+namespace JSC {
+
+void* actualPointerFor(JSGlobalObject* globalObject, Special::Pointer pointer)
+{
+    return globalObject->actualPointerFor(pointer);
+}
+
+void* actualPointerFor(CodeBlock* codeBlock, Special::Pointer pointer)
+{
+    return actualPointerFor(codeBlock->globalObject(), pointer);
+}
+
+} // namespace JSC
+
diff --git a/Source/JavaScriptCore/bytecode/SpecialPointer.h b/Source/JavaScriptCore/bytecode/SpecialPointer.h
new file mode 100644
index 000000000..2c624784b
--- /dev/null
+++ b/Source/JavaScriptCore/bytecode/SpecialPointer.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef SpecialPointer_h
+#define SpecialPointer_h
+
+namespace JSC {
+
+class CodeBlock;
+class JSGlobalObject;
+
+namespace Special {
+enum Pointer {
+    CallFunction,
+    ApplyFunction,
+    TableSize // Not a real special pointer. Use this to determine the number of pointers.
+};
+} // namespace Special
+
+inline bool pointerIsFunction(Special::Pointer pointer)
+{
+    ASSERT_UNUSED(pointer, pointer < Special::TableSize);
+    return true;
+}
+
+inline bool pointerIsCell(Special::Pointer pointer)
+{
+    ASSERT_UNUSED(pointer, pointer < Special::TableSize);
+    return true;
+}
+
+void* actualPointerFor(JSGlobalObject*, Special::Pointer);
+void* actualPointerFor(CodeBlock*, Special::Pointer);
+
+} // namespace JSC
+
+#endif // SpecialPointer_h
+
diff --git a/Source/JavaScriptCore/bytecode/ValueRecovery.h b/Source/JavaScriptCore/bytecode/ValueRecovery.h
index 1be5201ea..93ad221d8 100644
--- a/Source/JavaScriptCore/bytecode/ValueRecovery.h
+++ b/Source/JavaScriptCore/bytecode/ValueRecovery.h
@@ -38,13 +38,13 @@ namespace JSC {
 // Describes how to recover a given bytecode virtual register at a given
 // code point.
 enum ValueRecoveryTechnique {
-    // It's already in the register file at the right location.
-    AlreadyInRegisterFile,
-    // It's already in the register file but unboxed.
-    AlreadyInRegisterFileAsUnboxedInt32,
-    AlreadyInRegisterFileAsUnboxedCell,
-    AlreadyInRegisterFileAsUnboxedBoolean,
-    AlreadyInRegisterFileAsUnboxedDouble,
+    // It's already in the stack at the right location.
+    AlreadyInJSStack,
+    // It's already in the stack but unboxed.
+    AlreadyInJSStackAsUnboxedInt32,
+    AlreadyInJSStackAsUnboxedCell,
+    AlreadyInJSStackAsUnboxedBoolean,
+    AlreadyInJSStackAsUnboxedDouble,
     // It's in a register.
     InGPR,
     UnboxedInt32InGPR,
@@ -54,13 +54,13 @@ enum ValueRecoveryTechnique {
 #endif
     InFPR,
     UInt32InGPR,
-    // It's in the register file, but at a different location.
-    DisplacedInRegisterFile,
-    // It's in the register file, at a different location, and it's unboxed.
-    Int32DisplacedInRegisterFile,
-    DoubleDisplacedInRegisterFile,
-    CellDisplacedInRegisterFile,
-    BooleanDisplacedInRegisterFile,
+    // It's in the stack, but at a different location.
+    DisplacedInJSStack,
+    // It's in the stack, at a different location, and it's unboxed.
+    Int32DisplacedInJSStack,
+    DoubleDisplacedInJSStack,
+    CellDisplacedInJSStack,
+    BooleanDisplacedInJSStack,
     // It's an Arguments object.
     ArgumentsThatWereNotCreated,
     // It's a constant.
@@ -79,38 +79,38 @@ public:
     bool isSet() const { return m_technique != DontKnow; }
     bool operator!() const { return !isSet(); }
     
-    static ValueRecovery alreadyInRegisterFile()
+    static ValueRecovery alreadyInJSStack()
     {
         ValueRecovery result;
-        result.m_technique = AlreadyInRegisterFile;
+        result.m_technique = AlreadyInJSStack;
         return result;
     }
     
-    static ValueRecovery alreadyInRegisterFileAsUnboxedInt32()
+    static ValueRecovery alreadyInJSStackAsUnboxedInt32()
     {
         ValueRecovery result;
-        result.m_technique = AlreadyInRegisterFileAsUnboxedInt32;
+        result.m_technique = AlreadyInJSStackAsUnboxedInt32;
         return result;
     }
     
-    static ValueRecovery alreadyInRegisterFileAsUnboxedCell()
+    static ValueRecovery alreadyInJSStackAsUnboxedCell()
     {
         ValueRecovery result;
-        result.m_technique = AlreadyInRegisterFileAsUnboxedCell;
+        result.m_technique = AlreadyInJSStackAsUnboxedCell;
         return result;
     }
     
-    static ValueRecovery alreadyInRegisterFileAsUnboxedBoolean()
+    static ValueRecovery alreadyInJSStackAsUnboxedBoolean()
     {
         ValueRecovery result;
-        result.m_technique = AlreadyInRegisterFileAsUnboxedBoolean;
+        result.m_technique = AlreadyInJSStackAsUnboxedBoolean;
         return result;
     }
     
-    static ValueRecovery alreadyInRegisterFileAsUnboxedDouble()
+    static ValueRecovery alreadyInJSStackAsUnboxedDouble()
     {
         ValueRecovery result;
-        result.m_technique = AlreadyInRegisterFileAsUnboxedDouble;
+        result.m_technique = AlreadyInJSStackAsUnboxedDouble;
         return result;
     }
     
@@ -158,29 +158,29 @@ public:
         return result;
     }
     
-    static ValueRecovery displacedInRegisterFile(VirtualRegister virtualReg, DataFormat dataFormat)
+    static ValueRecovery displacedInJSStack(VirtualRegister virtualReg, DataFormat dataFormat)
     {
         ValueRecovery result;
         switch (dataFormat) {
         case DataFormatInteger:
-            result.m_technique = Int32DisplacedInRegisterFile;
+            result.m_technique = Int32DisplacedInJSStack;
             break;
             
         case DataFormatDouble:
-            result.m_technique = DoubleDisplacedInRegisterFile;
+            result.m_technique = DoubleDisplacedInJSStack;
             break;
 
         case DataFormatCell:
-            result.m_technique = CellDisplacedInRegisterFile;
+            result.m_technique = CellDisplacedInJSStack;
             break;
             
         case DataFormatBoolean:
-            result.m_technique = BooleanDisplacedInRegisterFile;
+            result.m_technique = BooleanDisplacedInJSStack;
             break;
             
         default:
             ASSERT(dataFormat != DataFormatNone && dataFormat != DataFormatStorage);
-            result.m_technique = DisplacedInRegisterFile;
+            result.m_technique = DisplacedInJSStack;
             break;
         }
         result.m_source.virtualReg = virtualReg;
@@ -222,14 +222,14 @@ public:
         }
     }
     
-    bool isAlreadyInRegisterFile() const
+    bool isAlreadyInJSStack() const
     {
         switch (technique()) {
-        case AlreadyInRegisterFile:
-        case AlreadyInRegisterFileAsUnboxedInt32:
-        case AlreadyInRegisterFileAsUnboxedCell:
-        case AlreadyInRegisterFileAsUnboxedBoolean:
-        case AlreadyInRegisterFileAsUnboxedDouble:
+        case AlreadyInJSStack:
+        case AlreadyInJSStackAsUnboxedInt32:
+        case AlreadyInJSStackAsUnboxedCell:
+        case AlreadyInJSStackAsUnboxedBoolean:
+        case AlreadyInJSStackAsUnboxedDouble:
             return true;
         default:
             return false;
@@ -264,7 +264,7 @@ public:
     
     VirtualRegister virtualRegister() const
     {
-        ASSERT(m_technique == DisplacedInRegisterFile || m_technique == Int32DisplacedInRegisterFile || m_technique == DoubleDisplacedInRegisterFile || m_technique == CellDisplacedInRegisterFile || m_technique == BooleanDisplacedInRegisterFile);
+        ASSERT(m_technique == DisplacedInJSStack || m_technique == Int32DisplacedInJSStack || m_technique == DoubleDisplacedInJSStack || m_technique == CellDisplacedInJSStack || m_technique == BooleanDisplacedInJSStack);
         return m_source.virtualReg;
     }
     
@@ -277,19 +277,19 @@ public:
     void dump(FILE* out) const
     {
         switch (technique()) {
-        case AlreadyInRegisterFile:
+        case AlreadyInJSStack:
             fprintf(out, "-");
             break;
-        case AlreadyInRegisterFileAsUnboxedInt32:
+        case AlreadyInJSStackAsUnboxedInt32:
             fprintf(out, "(int32)");
             break;
-        case AlreadyInRegisterFileAsUnboxedCell:
+        case AlreadyInJSStackAsUnboxedCell:
             fprintf(out, "(cell)");
             break;
-        case AlreadyInRegisterFileAsUnboxedBoolean:
+        case AlreadyInJSStackAsUnboxedBoolean:
             fprintf(out, "(bool)");
             break;
-        case AlreadyInRegisterFileAsUnboxedDouble:
+        case AlreadyInJSStackAsUnboxedDouble:
             fprintf(out, "(double)");
             break;
         case InGPR:
@@ -312,19 +312,19 @@ public:
             fprintf(out, "pair(%%r%d, %%r%d)", tagGPR(), payloadGPR());
             break;
 #endif
-        case DisplacedInRegisterFile:
+        case DisplacedInJSStack:
             fprintf(out, "*%d", virtualRegister());
             break;
-        case Int32DisplacedInRegisterFile:
+        case Int32DisplacedInJSStack:
             fprintf(out, "*int32(%d)", virtualRegister());
             break;
-        case DoubleDisplacedInRegisterFile:
+        case DoubleDisplacedInJSStack:
             fprintf(out, "*double(%d)", virtualRegister());
             break;
-        case CellDisplacedInRegisterFile:
+        case CellDisplacedInJSStack:
             fprintf(out, "*cell(%d)", virtualRegister());
             break;
-        case BooleanDisplacedInRegisterFile:
+        case BooleanDisplacedInJSStack:
             fprintf(out, "*bool(%d)", virtualRegister());
             break;
         case ArgumentsThatWereNotCreated: