Import Qt5x2 branch of QtWebkit for Qt 5.2

Importing a new snapshot of webkit.

Change-Id: I2d01ad12cdc8af8cb015387641120a9d7ea5f10c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>

1 files changed, 38 insertions, 35 deletions

diff --git a/Source/JavaScriptCore/runtime/JSFunction.cpp b/Source/JavaScriptCore/runtime/JSFunction.cpp
index 0a98e7c13..3b89f6d7a 100644
--- a/Source/JavaScriptCore/runtime/JSFunction.cpp
+++ b/Source/JavaScriptCore/runtime/JSFunction.cpp
@@ -35,7 +35,9 @@
 #include "JSGlobalObject.h"
 #include "JSNotAnObject.h"
 #include "Interpreter.h"
+#include "ObjectConstructor.h"
 #include "ObjectPrototype.h"
+#include "Operations.h"
 #include "Parser.h"
 #include "PropertyNameArray.h"
 
@@ -61,12 +63,12 @@ JSFunction* JSFunction::create(ExecState* exec, JSGlobalObject* globalObject, in
 #if !ENABLE(JIT)
     UNUSED_PARAM(intrinsic);
 #else
-    if (intrinsic != NoIntrinsic && exec->globalData().canUseJIT()) {
+    if (intrinsic != NoIntrinsic && exec->vm().canUseJIT()) {
         ASSERT(nativeConstructor == callHostFunctionAsConstructor);
-        executable = exec->globalData().getHostFunction(nativeFunction, intrinsic);
+        executable = exec->vm().getHostFunction(nativeFunction, intrinsic);
     } else
 #endif
-        executable = exec->globalData().getHostFunction(nativeFunction, nativeConstructor);
+        executable = exec->vm().getHostFunction(nativeFunction, nativeConstructor);
 
     JSFunction* function = new (NotNull, allocateCell<JSFunction>(*exec->heap())) JSFunction(exec, globalObject, globalObject->functionStructure());
     // Can't do this during initialization because getHostFunction might do a GC allocation.
@@ -80,49 +82,49 @@ void JSFunction::destroy(JSCell* cell)
 }
 
 JSFunction::JSFunction(ExecState* exec, JSGlobalObject* globalObject, Structure* structure)
-    : Base(exec->globalData(), structure)
+    : Base(exec->vm(), structure)
     , m_executable()
-    , m_scope(exec->globalData(), this, globalObject)
+    , m_scope(exec->vm(), this, globalObject)
     // We initialize blind so that changes to the prototype after function creation but before
     // the optimizer kicks in don't disable optimizations. Once the optimizer kicks in, the
     // watchpoint will start watching and any changes will both force deoptimization and disable
     // future attempts to optimize. This is necessary because we are guaranteed that the
-    // inheritorID is changed exactly once prior to optimizations kicking in. We could be
+    // allocation profile is changed exactly once prior to optimizations kicking in. We could be
     // smarter and count the number of times the prototype is clobbered and only optimize if it
     // was clobbered exactly once, but that seems like overkill. In almost all cases it will be
     // clobbered once, and if it's clobbered more than once, that will probably only occur
     // before we started optimizing, anyway.
-    , m_inheritorIDWatchpoint(InitializedBlind)
+    , m_allocationProfileWatchpoint(InitializedBlind)
 {
 }
 
 void JSFunction::finishCreation(ExecState* exec, NativeExecutable* executable, int length, const String& name)
 {
-    Base::finishCreation(exec->globalData());
+    Base::finishCreation(exec->vm());
     ASSERT(inherits(&s_info));
-    m_executable.set(exec->globalData(), this, executable);
-    putDirect(exec->globalData(), exec->globalData().propertyNames->name, jsString(exec, name), DontDelete | ReadOnly | DontEnum);
-    putDirect(exec->globalData(), exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
+    m_executable.set(exec->vm(), this, executable);
+    putDirect(exec->vm(), exec->vm().propertyNames->name, jsString(exec, name), DontDelete | ReadOnly | DontEnum);
+    putDirect(exec->vm(), exec->propertyNames().length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
 }
 
-Structure* JSFunction::cacheInheritorID(ExecState* exec)
+ObjectAllocationProfile* JSFunction::createAllocationProfile(ExecState* exec, size_t inlineCapacity)
 {
-    JSValue prototype = get(exec, exec->globalData().propertyNames->prototype);
-    if (prototype.isObject())
-        m_cachedInheritorID.set(exec->globalData(), this, asObject(prototype)->inheritorID(exec->globalData()));
-    else
-        m_cachedInheritorID.set(exec->globalData(), this, globalObject()->emptyObjectStructure());
-    return m_cachedInheritorID.get();
+    VM& vm = exec->vm();
+    JSObject* prototype = jsDynamicCast<JSObject*>(get(exec, vm.propertyNames->prototype));
+    if (!prototype)
+        prototype = globalObject()->objectPrototype();
+    m_allocationProfile.initialize(globalObject()->vm(), this, prototype, inlineCapacity);
+    return &m_allocationProfile;
 }
 
 String JSFunction::name(ExecState* exec)
 {
-    return get(exec, exec->globalData().propertyNames->name).toWTFString(exec);
+    return get(exec, exec->vm().propertyNames->name).toWTFString(exec);
 }
 
 String JSFunction::displayName(ExecState* exec)
 {
-    JSValue displayName = getDirect(exec->globalData(), exec->globalData().propertyNames->displayName);
+    JSValue displayName = getDirect(exec->vm(), exec->vm().propertyNames->displayName);
     
     if (displayName && isJSString(displayName))
         return asString(displayName)->tryGetValue();
@@ -161,6 +163,7 @@ void JSFunction::visitChildren(JSCell* cell, SlotVisitor& visitor)
 
     visitor.append(&thisObject->m_scope);
     visitor.append(&thisObject->m_executable);
+    thisObject->m_allocationProfile.visitAggregate(visitor);
 }
 
 CallType JSFunction::getCallData(JSCell* cell, CallData& callData)
@@ -218,16 +221,17 @@ bool JSFunction::getOwnPropertySlot(JSCell* cell, ExecState* exec, PropertyName
         return Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
 
     if (propertyName == exec->propertyNames().prototype) {
-        WriteBarrierBase<Unknown>* location = thisObject->getDirectLocation(exec->globalData(), propertyName);
-
-        if (!location) {
-            JSObject* prototype = constructEmptyObject(exec, thisObject->globalObject()->emptyObjectStructure());
-            prototype->putDirect(exec->globalData(), exec->propertyNames().constructor, thisObject, DontEnum);
-            thisObject->putDirect(exec->globalData(), exec->propertyNames().prototype, prototype, DontDelete | DontEnum);
-            location = thisObject->getDirectLocation(exec->globalData(), exec->propertyNames().prototype);
+        VM& vm = exec->vm();
+        PropertyOffset offset = thisObject->getDirectOffset(vm, propertyName);
+        if (!isValidOffset(offset)) {
+            JSObject* prototype = constructEmptyObject(exec);
+            prototype->putDirect(vm, exec->propertyNames().constructor, thisObject, DontEnum);
+            thisObject->putDirect(vm, exec->propertyNames().prototype, prototype, DontDelete | DontEnum);
+            offset = thisObject->getDirectOffset(vm, exec->propertyNames().prototype);
+            ASSERT(isValidOffset(offset));
         }
 
-        slot.setValue(thisObject, location->get(), thisObject->offsetForLocation(location));
+        slot.setValue(thisObject, thisObject->getDirect(offset), offset);
     }
 
     if (propertyName == exec->propertyNames().arguments) {
@@ -352,9 +356,9 @@ void JSFunction::put(JSCell* cell, ExecState* exec, PropertyName propertyName, J
         // following the rules set out in ECMA-262 8.12.9.
         PropertySlot slot;
         thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
-        thisObject->m_cachedInheritorID.clear();
-        thisObject->m_inheritorIDWatchpoint.notifyWrite();
-        // Don't allow this to be cached, since a [[Put]] must clear m_cachedInheritorID.
+        thisObject->m_allocationProfile.clear();
+        thisObject->m_allocationProfileWatchpoint.notifyWrite();
+        // Don't allow this to be cached, since a [[Put]] must clear m_allocationProfile.
         PutPropertySlot dontCache;
         Base::put(thisObject, exec, propertyName, value, dontCache);
         return;
@@ -378,7 +382,7 @@ bool JSFunction::deleteProperty(JSCell* cell, ExecState* exec, PropertyName prop
 {
     JSFunction* thisObject = jsCast<JSFunction*>(cell);
     // For non-host functions, don't let these properties by deleted - except by DefineOwnProperty.
-    if (!thisObject->isHostFunction() && !exec->globalData().isInDefineOwnProperty()
+    if (!thisObject->isHostFunction() && !exec->vm().isInDefineOwnProperty()
         && (propertyName == exec->propertyNames().arguments
             || propertyName == exec->propertyNames().length
             || propertyName == exec->propertyNames().name
@@ -399,8 +403,8 @@ bool JSFunction::defineOwnProperty(JSObject* object, ExecState* exec, PropertyNa
         // following the rules set out in ECMA-262 8.12.9.
         PropertySlot slot;
         thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
-        thisObject->m_cachedInheritorID.clear();
-        thisObject->m_inheritorIDWatchpoint.notifyWrite();
+        thisObject->m_allocationProfile.clear();
+        thisObject->m_allocationProfileWatchpoint.notifyWrite();
         return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
     }
 
@@ -466,7 +470,6 @@ ConstructType JSFunction::getConstructData(JSCell* cell, ConstructData& construc
     constructData.js.scope = thisObject->scope();
     return ConstructTypeJS;
 }
-    
 
 String getCalculatedDisplayName(CallFrame* callFrame, JSObject* object)
 {