Imported WebKit commit 0282df8ca7c11d8c8a66ea18543695c69f545a27 (http://svn.webkit.org/repository/webkit/trunk@124002)

New snapshot with prospective Mountain Lion build fix

1 files changed, 39 insertions, 27 deletions

diff --git a/Source/JavaScriptCore/runtime/JSObject.cpp b/Source/JavaScriptCore/runtime/JSObject.cpp
index a84597f8b..c40c625e1 100644
--- a/Source/JavaScriptCore/runtime/JSObject.cpp
+++ b/Source/JavaScriptCore/runtime/JSObject.cpp
@@ -38,6 +38,7 @@
 #include "Operations.h"
 #include "PropertyDescriptor.h"
 #include "PropertyNameArray.h"
+#include "SlotVisitorInlineMethods.h"
 #include <math.h>
 #include <wtf/Assertions.h>
 
@@ -85,6 +86,31 @@ static inline void getClassPropertyNames(ExecState* exec, const ClassInfo* class
     }
 }
 
+ALWAYS_INLINE void JSObject::visitOutOfLineStorage(SlotVisitor& visitor, PropertyStorage storage, size_t storageSize)
+{
+    ASSERT(storage);
+    ASSERT(storageSize);
+    
+    size_t capacity = structure()->outOfLineCapacity();
+    ASSERT(capacity);
+    size_t capacityInBytes = capacity * sizeof(WriteBarrierBase<Unknown>);
+    PropertyStorage baseOfStorage = storage - capacity - 1;
+    if (visitor.checkIfShouldCopyAndPinOtherwise(baseOfStorage, capacityInBytes)) {
+        PropertyStorage newBaseOfStorage = static_cast<PropertyStorage>(visitor.allocateNewSpace(capacityInBytes));
+        PropertyStorage currentTarget = newBaseOfStorage + capacity;
+        PropertyStorage newStorage = currentTarget + 1;
+        PropertyStorage currentSource = storage - 1;
+        for (size_t count = storageSize; count--;) {
+            JSValue value = (--currentSource)->get();
+            ASSERT(value);
+            visitor.appendUnbarrieredValue(&value);
+            (--currentTarget)->setWithoutWriteBarrier(value);
+        }
+        m_outOfLineStorage.set(newStorage, StorageBarrier::Unchecked);
+    } else
+        visitor.appendValues(storage - storageSize - 1, storageSize);
+}
+
 void JSObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     JSObject* thisObject = jsCast<JSObject*>(cell);
@@ -97,18 +123,8 @@ void JSObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
     JSCell::visitChildren(thisObject, visitor);
 
     PropertyStorage storage = thisObject->outOfLineStorage();
-    if (storage) {
-        size_t storageSize = thisObject->structure()->outOfLineSizeForKnownNonFinalObject();
-        size_t capacity = thisObject->structure()->outOfLineCapacity();
-        // We have this extra temp here to slake GCC's thirst for the blood of those who dereference type-punned pointers.
-        void* temp = storage - capacity - 1;
-        visitor.copyAndAppend(&temp, capacity * sizeof(WriteBarrierBase<Unknown>), (storage - storageSize - 1)->slot(), storageSize);
-        storage = static_cast<PropertyStorage>(temp) + capacity + 1;
-        thisObject->m_outOfLineStorage.set(storage, StorageBarrier::Unchecked);
-    }
-
-    if (thisObject->m_inheritorID)
-        visitor.append(&thisObject->m_inheritorID);
+    if (storage)
+        thisObject->visitOutOfLineStorage(visitor, storage, thisObject->structure()->outOfLineSizeForKnownNonFinalObject());
 
 #if !ASSERT_DISABLED
     visitor.m_isCheckingForDefaultMarkViolation = wasCheckingForDefaultMarkViolation;
@@ -127,18 +143,8 @@ void JSFinalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
     JSCell::visitChildren(thisObject, visitor);
 
     PropertyStorage storage = thisObject->outOfLineStorage();
-    if (storage) {
-        size_t storageSize = thisObject->structure()->outOfLineSizeForKnownFinalObject();
-        size_t capacity = thisObject->structure()->outOfLineCapacity();
-        // We have this extra temp here to slake GCC's thirst for the blood of those who dereference type-punned pointers.
-        void* temp = storage - capacity - 1;
-        visitor.copyAndAppend(&temp, thisObject->structure()->outOfLineCapacity() * sizeof(WriteBarrierBase<Unknown>), (storage - storageSize - 1)->slot(), storageSize);
-        storage = static_cast<PropertyStorage>(temp) + capacity + 1;
-        thisObject->m_outOfLineStorage.set(storage, StorageBarrier::Unchecked);
-    }
-
-    if (thisObject->m_inheritorID)
-        visitor.append(&thisObject->m_inheritorID);
+    if (storage)
+        thisObject->visitOutOfLineStorage(visitor, storage, thisObject->structure()->outOfLineSizeForKnownFinalObject());
 
     size_t storageSize = thisObject->structure()->inlineSizeForKnownFinalObject();
     visitor.appendValues(thisObject->inlineStorage(), storageSize);
@@ -580,15 +586,21 @@ NEVER_INLINE void JSObject::fillGetterPropertySlot(PropertySlot& slot, WriteBarr
 
 Structure* JSObject::createInheritorID(JSGlobalData& globalData)
 {
+    ASSERT(!getDirectLocation(globalData, globalData.m_inheritorIDKey));
+
     JSGlobalObject* globalObject;
     if (isGlobalThis())
         globalObject = static_cast<JSGlobalThis*>(this)->unwrappedObject();
     else
         globalObject = structure()->globalObject();
     ASSERT(globalObject);
-    m_inheritorID.set(globalData, this, createEmptyObjectStructure(globalData, globalObject, this));
-    ASSERT(m_inheritorID->isEmpty());
-    return m_inheritorID.get();
+
+    Structure* inheritorID = createEmptyObjectStructure(globalData, globalObject, this);
+    ASSERT(inheritorID->isEmpty());
+
+    PutPropertySlot slot;
+    putDirectInternal<PutModeDefineOwnProperty>(globalData, globalData.m_inheritorIDKey, inheritorID, DontEnum, slot, 0);
+    return inheritorID;
 }
 
 PropertyStorage JSObject::growOutOfLineStorage(JSGlobalData& globalData, size_t oldSize, size_t newSize)